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About This Guide 


This guide describes how to install and configure the Novell® Client™ for Windows 2000/XP 
version 4.91 and later software. 


IMPORTANT: The Novell Client is not designed to run on Windows XP Home Edition. 


If you are using a previous version of the Novell Client software, you should update it to the latest 
version from Novell's Download Web site (http://download.novell.com). If you are using a previous 
version of the Novell Client software, some of the information in this documentation might not 


apply. 


This guide is divided into the following sections: 


Chapter 1, “What's New,” on page 11 


Chapter 2, “Preparing to Install the Novell Client,” on page 13 


Chapter 3, “Installing the Novell Client on a Single Workstation,” on page 17 


Chapter 4, “Installing and Upgrading the Novell Client on Multiple Workstations,” on page 21 


Chapter 5, “Setting Client Properties,” on page 51 


Chapter 6, “Managing File Security and Passwords,” on page 55 


Chapter 7, “Managing Login,” on page 67 


Chapter 8, “Printing to a Network Printer,” on page 79 


Chapter 9, “Uninstalling the Novell Client,” on page 83 


Appendix A, “Troubleshooting Issues,” on page 85 


Appendix B, “Documentation Updates,” on page 89 


Audience 


This guide is intended for network administrators. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 


For the latest version of this documentation, see the Novell Clients online documentation (http:// 
www.novell.com/documentation/lg/noclienu/index.html). 


Additional Documentation 
For documentation on known issues, see the Novell Client Readme. 


For documentation on login scripts, see the Novell Login Scripts Guide. 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
within a cross-reference path. 


A trademark symbol @, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party 
trademark. 
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What's New 


e Section 1.1, “Novell® ClientTM 4.91 Support Pack 2 for Windows 2000/XP,” on page 11 
e Section 1.2, “Novell Client 4.91 Support Pack 1 for Windows 2000/XP,” on page 11 
e Section 1.3, “Novell Client 4.91 for Windows 2000/XP,” on page 11 


1.1 Novell® Client» 4.91 Support Pack 2 for 
Windows 2000/XP 


This release includes additional Forgotten Password Recovery functionality. When a user logs in, 
the Novell Client checks to see if the password policy uses Challenge Response and if the user has 
entered responses. If responses have not been entered, the user is notified and a dialog box opens so 
that they can enter their responses. Additionally, if the password policy uses a password hint or a 
password reminder and this had not been set, the Novell Client will prompt the user to enter this 
information. 


1.2 Novell Client 4.91 Support Pack 1 for 
Windows 2000/XP 


This release includes a new feature that lets users recover when they forget their password. On the 
client log in dialog is a “Forget your password?” link. For more information, see Section 6.3.1, 
“Using the “Did You Forget Your Password?” Link,” on page 59. 


1.3 Novell Client 4.91 for Windows 2000/XP 


This release includes the following new features: 


e Changes to Update Agent to allow you to deploy new property page settings. For more 
information, see Section 5.3, “Setting Properties on Multiple Workstations after Installation,” 
on page 52. 


Changes to Automatic Client Update that allow you to enable Update Agent on multiple 
workstations without running a complete software installation. For more information, see 
“Enabling Novell Client Update Agent Using ACU Without Installing Novell Client Software” 
on page 40. 


e Changes to Novell Client Update Agent and Automatic Client Update to allow components to 
be uninstalled. For more information, see Section 9.2, “Uninstalling Network Components 
Using Update Agent or ACU,” on page 83. 


Unicode file naming in mixed language environments. 


¢ Implementation of Novell's Universal Password (also know as the NDS Login Method) 
available in NetWare 6.5 and later which provides more robust and strong password and 
password management with the ability to create a common password that can be used by all 
protocols to authenticate users. Also included are support for password hints, administrator 
messages, and password requirements. For more information, see Section 6.2, “Managing 
Passwords,” on page 56. For more information on disabling NMAS and NICI, see Section 2.6, 
“Configuring Security Authentication,” on page 14. 
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¢ Support for NetIdentity agent 


The NetIdentity agent can be installed with Novell Client or as a separate installation. It 
provides background authentication to Windows Web-based applications that require Novell 
eDirectory™ authentication such as iPrint, Novell Virtual Office, and NetStorage. 


* Windows NT is no longer supported. 
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Preparing to Install the Novell 
Client 


This section explains how to prepare to install the Novell® Client™ for Windows 2000/XP software. 


e Section 2.1, “Novell Client Software Version Numbers,” on page 13 

e Section 2.2, “Supported Windows Platforms,” on page 13 

e Section 2.3, “Supported Server Platforms,” on page 14 

e Section 2.4, “Locating the Latest Client Software,” on page 14 

e Section 2.5, “Checking for Client Workstation Incompatibilities,” on page 14 
e Section 2.6, “Configuring Security Authentication,” on page 14 


2.1 Novell Client Software Version Numbers 
The following software is included in the Novell Client for Windows 2000/XP SP2 build: 


e Novell Client 4.91 SP2 for Windows 2000/XP 
e NMAS™ 3.2.0.6 

e NMAS Challenge Response Method 2.07.0001 
e NICI 2.6.8.2 

e NetIdentity Agent 1.2.3 


2.2 Supported Windows Platforms 
Novell Client 4.91 for Windows 2000/XP supports the following Windows platforms: 
e Windows 2000 Professional 


e Windows 2000 Server 


Windows 2000 Advanced Server 

e Windows Server 2003 Server Edition (32-bit versions only) 

e Windows Server 2003 Enterprise Edition (32-bit versions only) 
e Windows XP Professional 


e Windows XP Tablet PC Edition 


IMPORTANT: Novell Client does not run on Windows XP Home Edition, Windows XP 64-bit 
Edition, or Windows Server 2003 64-bit version. 
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2.3 Supported Server Platforms 


Novell Client for Windows works with all current versions of NetWare and Open Enterprise Server 
for Linux. 


2.4 Locating the Latest Client Software 


Novell Client software is available from the Novell Download (http://download.novell.com) Web 
site and as a part of the Consolidated Support Pack CD. 


2.4.1 Downloading the Latest Software 


1 Create an installation directory. 


2 At the Novell Download (http://download.novell.com) Web site, select Novell Client from the 
Product or Technology drop-down list. 


3 Click the client software that you want to download. 


4 Follow the download instructions provided with the files on the Web site. 


2.4.2 Locating the Latest Software on the Consolidated 
Support Pack CD 


To locate the latest Novell Client software on the Consolidated Support Pack CD, check the Readme 
file located at the root of the CD. This file indicates the location of all software on the CD and gives 
instructions for installation. 


2.5 Checking for Client Workstation 
Incompatibilities 


The Novell Client is not designed to run on Windows XP Home Edition. 


2.6 Configuring Security Authentication 


By default, Novell Client implements the Novell Universal Password which provides robust and 
strong passwords. As a part of this implementation, Novell Client installs NMAS and NICI. 


NMAS authentication adds additional security to the network. However, if your network does not 
use NMAS, login might take additional time and you might want to disable NMAS authentication 
on the server and not install it with the Novell Client software. Novell Client installs NICI Client 
2.6.8.2 and NMAS Client 3.2.0.6 by default. If you do not want to install them during the Client 
installation, install using a configuration file (unattend) that specifies not to install them. For more 
information, see “Creating the Configuration File (Unattend File)” on page 44. 


NOTE: If you disable NMAS, the Challange Response functionality will not be available. 


For more information on disabling NMAS, see “Disabling NMAS on the Server” in the Novell 
Modular Authentication Services 3.0 Administration Guide (http://www.novell.com/documentation/ 
nmas30/index.html?page=/documentation/nmas30/admin/data/am4bbpx.html). 
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For more information on deploying universal passwords, see the Universal Password Deployment 
Guide in the Novell Modular Authentication Services 3.0 Administration Guide (http:// 
www.novell.com/documentation/nmas30/index.html?page=/documentation/nmas30/admin/data/ 
allq21t.html). 


2.7 Additional Information 


e “Installing the Novell Client on a Single Workstation” on page 17 
¢ “Installing and Upgrading the Novell Client on Multiple Workstations” on page 21 
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Installing the Novell Client on a 
Single Workstation 


This section explains how to install the Novell® Client™ for Windows software on one workstation. 


If you plan to install the Novell Client software on a small number of workstations, or if the 
workstations are not yet connected to a network, download the software from the Novell Download 
(http://download.novell.com) Web site. 


If you are installing or upgrading the Novell Client software on several workstations on the network, 
consider using the network installation explained in “Installing and Upgrading the Novell Client on 
Multiple Workstations” on page 21. 


3.1 Installing Novell Client Software ona 
Workstation 


1 Do one of the following: 


e Download the latest Novell Client software and then follow the download instructions 
included on the download page. 
e Install the Novell Client software from the Consolidated Support Pack CD. 


See Section 2.4, “Locating the Latest Client Software,” on page 14. 


TIP: There are several customized parameters that you can use during the installation by 
running the installation from the command line. These include special accessibility settings, 
status logging, automatic client upgrade, and others. For more information, see Section 3.2, 
“Using Setup Parameters with the Novell Client Installation,” on page 18. 


2 Make sure that the logged-in user is an administrator on the workstation because users without 


administrator rights to the workstation cannot install new software. 
3 Double-click setupnw.exe inthe path to the software\winnt\i386 directory. 
4 Follow the on-screen instructions. 


The typical installation installs the basic Novell Client and upgrades any components you 
currently have on the workstation that are also included in this version. Components that are 
not upgraded in this version of the Novell Client are not changed. 


TIP: The Typical Install option installs only the basic Novell Client components. If you want 
to install NDPS®, use the Custom Installation option. If you are upgrading Novell Client 
software, the same custom components are installed unless you choose different ones. If 
components that were previously included with the Novell Client installation (such as 
ZENworks®) are no longer included with the installation, these components are left alone and 
are not upgraded or deleted. 


The Custom installation allows you to choose which components are installed. 


NOTE: NICI Client 2.7 and NMAS™ Client 3.0 are installed by default. If they are already 
installed, they are updated automatically. You can control both the installation and use of 
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NMAS by installing the Novell Client using a configuration (unattend) file. For more 
information, see “Creating the Configuration File (Unattend File)” on page 44. 


5 When the installation is complete, reboot your workstation. 


3.2 Using Setup Parameters with the Novell 
Client Installation 
There are several customized parameters that you can use during the installation by running the 


installation from the command line. These include special accessibility settings, status logging, 
automatic client upgrade, and others. 


1 Click Start > Run. 
2 Type the path to the software followed by a space, a slash (/), and then the parameter. 


path to the software\setupnw.exe [/u] [/ 
u:path to an unattend file] [/sl] [/sl:path_to status log file] 
[/acu] [/508] [/?] 


The following table explains the setup parameters. 
Table 3-1 Windows 2000/XP Setup Parameters 


Parameter Description 


U Use settings in the default configuration (unattend) file, 
unattend.txt. 


U:path Use settings in the specified configuration (unattend) 
file, specified in the path given. 


SL Create status log entries in the default status file, 
status.log. 
SL:path Create status log entries in the specified status log file, 


specified in the path given. 
ACU Automatically upgrade the client if it is an older version. 


508 Enable special accessibility options in accordance with 
the Workforce Investment Act of 1998 Section 508. 


? Display help screen for setup parameters. 


3.3 Configuring Network Protocols 


After you install the Novell Client, make sure that it is configured correctly for your network. 


IMPORTANT: Before you configure network protocols, make sure you have the correct 
information and any addresses needed. If you configure protocols incorrectly, the workstation 
cannot connect to the network, or it might conflict with other workstations using the same address. 


1 Right-click My Network Places, click Properties, right-click Local Area Connection, select the 
protocol that you want to configure, then click Properties. 
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2 Configure the protocol options on each tabbed page, then click OK. 


For example, if your network uses DHCP to assign IP addresses automatically, click the ZP 
Address tab and then click Obtain IP Address Dynamically. Or, if you must use a static IP 
address, click Specify an Address and type a valid IP address. 


TIP: Click the question mark in the upper-right corner, then click in any field for more 
information about that field. 


3 Click OK. 


You might be prompted to supply the Windows operating system CD. If you do not have 
access to the correct files, you might not be able to create a network connection. 


You should now set the Novell Client properties for the workstation. See Chapter 5, “Setting Client 
Properties,” on page 51. 


3.4 Common Networking Tasks 


Novell Client software is integrated with Windows. Features are integrated into standard Windows 
interfaces such as My Computer, Network Neighborhood, Control Panel, and the Red N icon (N) on 
the status bar. 
Instructions for performing common client tasks are provided under the Red N menu: 

1 Right-click the Red N icon in the system tray. 

2 Click Novell Client Help > Novell Client User Guide. 
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Installing and Upgrading the 
Novell Client on Multiple 
Workstations 


This section explains how to install and upgrade the Novell® Client™ for Windows software on 
multiple workstations either across a network or from a Web server. It also discusses how to set up 
full-client installations, updates, and Support Pack installations. 


Because the Novell Client software installation options are robust and flexible so that they can be 
customized to suit your needs, a general understanding of all the options and processes is provided 
first. Subsequent sections help you decide which installation processes are best for your situation. 
Then, the specific installation steps are given. Finally, ways to control what users see during 
installation are discussed. 


e Section 4.1, “Understanding Novell Client Installation and Update Options,” on page 21 


e Section 4.2, “Understanding Which Installation Process to Use,” on page 28 


e Section 4.3, “Novell Client Installation Procedures,” on page 32 


4.1 Understanding Novell Client Installation and 
Update Options 


Novell Client software has a robust set of tools that enable you to deploy client software upgrades 
and Support Packs to all workstations in your network without having to install individually on each 
workstation. These tools can be combined in several different ways to create custom installation 
methods that suit your network and your workstation configurations. 


Novell Client can also be installed or updated from either a network server using a UNC path or 
mapped drive, or it can be installed or updated from a Web server using a URL. Depending on your 
network and the workstations that need to be updated, you might want to configure one or both of 
these installation methods. Using both of these methods is explained later in this section. 


TIP: For more information about installing on one workstation, see Chapter 3, “Installing the 
Novell Client on a Single Workstation,” on page 17. 


A general understanding of all of the tools and how they work together can help you decide which 
tools are best suited for your needs. The following is an explanation of the various tools and 
configuration files that can be used to customize the installation or update of the Novell Client 
software. 


4.1.1 Understanding the Basic Novell Client Installation 
(setupnw.exe) 


Novell Client software is installed by setupnw.exe. 
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Figure 4-1 Basic Novell Client Installation 


The setupnw. exe installation process can be modified by two different command line switches: 


e /U: Applies client settings and modifies install behavior based on settings in a specified 
configuration (unattend) file created by Novell Client Install Manager (nciman. exe). For 
more information, see “Creating the Configuration File (Unattend File)” on page 44. 


e /ACU: Directs setupnw. exe to perform an upgrade of the currently installed client software 
only if the version to be installed is a later one. 


/ACU and /U can be specified together at the command line. 


4.1.2 Understanding Novell Client Support Pack Installation 
(setupsp.exe) 

If workstations need to have only a specific Support Pack applied, use the Novell Client Support 
Pack installation utility (setupsp. exe). The Support Pack installs only a subset of client files and 
does not require a client version change. Support Pack Install Files can also be added to the Client 


Install Files (in an overlay manner) to allow the installation of both the client and the Support Pack 
in one step. For more information, see “Installing Support Packs” on page 40. 


Figure 4-2 Support Pack Installation 
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Setupsp.exe can be customized by modifying the setupsp. inf file to specify Support Pack 
options, display options, and update options. 
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4.1.3 Understanding Automatic Client Update (acu.exe) 


The Automatic Client Update utility (acu . exe) determines whether the client needs to be updated, 
allows you to specify several installation options, and allows you to uninstall unwanted components. 


à 
pita 
i 


ACU's actions are determined by acu. ini, a text file that can be modified to change the behavior 
of acu.exe. ACU can also accept information from a configuration (unattend) file that is created by 
Novell Client Install Manager (nciman.exe). For more information, see “Creating the 
Configuration File (Unattend File)” on page 44. 


Figure 4-3 Automatic Client Update Process 


IMPORTANT: If you use a configuration (unattend) file to configure Novell Client with 
acu.exe, you must change the Use=No to Use=Yes and you must specify the name of the 
configuration file and the path to it in the File=\\server\volume\path\file. Both of these changes are 
made in the [UNATTENDFILE] section of the acu. ini file. 
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ACU can be launched from within the login script. ACU determines if a complete update of the 
Novell Client (setupnw.exe) or a Support Pack (setupsp. exe) is required and then launches 
the appropriate utility. Each utility then can use the associated configuration files to complete a 
customized installation. Launching ACU from the login script saves network bandwidth during 
login because the Setup utility is run only if the client needs to be updated. 


4.1.4 Understanding Novell Client Install Manager (nciman.exe) 


Novell Client Install Manager (nciman.exe) generates a configuration (unattend) file that sets 
client settings and dictates client installation behavior. Novell Client Install Manager is located in 
the i386\admin folder. This file can be used by the Automatic Client Update utility (acu. exe) 
or by the Client install utility (setupnw.exe). You can create several different configuration files 
for different groups of workstations if necessary and specify their use by indicating a path to the 
desired configuration file in the acu.ini file or at the command line. For more information, see 
“Creating the Configuration File (Unattend File)” on page 44. 


4.1.5 Understanding Novell Client Web Install Utility 
(setupip.exe) 
Novell Client Web Install Utility simplifies the creation of a Web-based installation. 


Setupip.exe is a utility that downloads the Novell Client install files from a Web server and 
launches the Novell Client install. 
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Figure 4-4 Novell Client Web Install Utility 


Setupip.exe is created by running writeip.exe. It can configure up to five different address 
that the client can be installed from as well as indicate whether to launch a full client installation 
(setupnw.exe) or to launch a Support Pack installation (setupsp . exe). It can also be 
configured to accept settings from a configuration (unattend) file. 


Setupip.exe can also launch acu. exe to determine if a complete installation or a Support Pack 
installation needs to be launched. 
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Figure 4-5 Novell Client Web Install Affected by ACU 


4.1.6 Understanding Novell Client Update Agent (cuagent.exe) 


Novell Client Update Agent provides a workstation-initiated (manual or automatic) update of the 
Novell Client software. It launches acu. exe from a specified location. Update Agent can be run 
manually from the Red N menu or it can be configured to automatically check for updates at 
specified intervals. 
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Figure 4-6 Novell Client Installation Update Agent 


If it is configured to check automatically, each time a user logs in to the network, it runs and 
determines if the preconfigured number of days have elapsed since the last upgrade check and then 
checks the specified location for a newer version of the client or for Support Pack updates. Ifa 
newer version or Support Pack is found, ACU then launches the appropriate installation process. 


NOTE: Before workstations can check to see if updates are available, the Update Agent must be 
configured during a software installation or by using Automatic Client Upgrade (ACU). Or, you can 
configure Update Agent on each machine locally through the Novell Client Property Pages. 


Update Agent is configured by modifying the Update Agent property page settings or (optionally) 
the cuagent.ini file. Because the Update Agent launches ACU, which in turn launches either 
setupnw.exe or setupsp.exe, all of the configuration changes made to these subsequent utilities are 
used in the same way they would be when not running the Update Agent. For more information, see 
“Setting Up the Novell Client Update Agent” on page 35. 
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4.2 Understanding Which Installation Process to 
Use 


Now that you have an understanding of the tools available, you should choose the best installation 
methods for your network. To simplify the decision of what processes to use, refer to the following 
decision tree. Each possible installation method is listed as a part of the tree. 


If you have a complex network, you might need to refer to the decision tree multiple times to decide 
which installation type is right for different segments of the network. For example, you might have 
workstations that connect to the network through a NetWare® server and workstations that access 
only a corporate Web server. You might have deployed the Novell Client previously with Update 
Agent configured to some workstations and not to others. 


It is important to note that if your network has workstations that have different requirements, the 
steps that you ultimately take to deploy the Novell Client might be very similar or the same. The 
decision trees can help you to understand the specific steps needed in each case. 


The following decision trees explain options for a network installation of the Novell Client or 
Support Pack update (Figure 4-7 on page 28) or a Web installation of the Novell Client (Figure 4-8 
on page 29). 


Figure 4-7 Network Installation or Service Pack Decision Tree 


Can Modify: Can Modify: Can Modify: 
e Properties e Properties e Properties 
* Components e Components e Components 
e Install Process e Install Process e Install Process 


cuagent cuagent acu.exe acu.exe acu.exe acu.exe 
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Figure 4-8 Web Installation Decision Tree 
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4.2.1 Network Server Install Options 


The following are network installation options as described on the Novell Client installation 


decision tree (Figure 4-7 on page 28). 


Update Agent Default Install (Network Server Decision Tree Option 1) 


The following is the procedure required to complete the default installation of the Novell Client on 
workstations that already have Novell Client installed with Update Agent configured and that have a 


connection to the network. 


1. Set up the Novell Client Install on a NetWare Server. 


2. Set up Novell Client Upgrade Agent. 


3. Deploy the client installation using the selected method. 
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Update Agent Custom Install (Network Server Decision Tree Option 2) 


The following is the procedure required to complete a custom installation of the Novell Client on 
workstations that already have Novell Client installed with Update Agent configured and that have a 
connection to the network. 


TIP: Before you set up a custom install, consider which options you want users to see during 
installation. You can make the necessary modifications to the corresponding configuration files 
while making other custom install changes. 


. Set up the Novell Client Install on a NetWare Server. 

. (Optional) Create a custom configuration (unattend) file. 

. (Optional) Modify the installation options in the acu.ini file. 

Set up Novell Client Upgrade Agent. 

. (Optional) Modify the installation options in the cuagent.ini file. 


. Deploy the client installation using the selected method. 


Default Network Upgrade without Update Agent (Network Server Decision Tree 
Option 3) 


The following is the procedure required to complete the default update of the Novell Client on 
workstations that already have the Novell Client installed without Update Agent configured but have 
a connection to the network. 


1. Set up the Novell Client Install on a NetWare Server. 


2. Deploy the client installation using the selected method. 


Custom Network Upgrade without Update Agent (Network Server Decision Tree 
Option 4) 


The following is the procedure required to complete the custom update of the Novell Client on 
workstations that already have the Novell Client installed without Update Agent configured but have 
a connection to the network. 


TIP: Before you set up a custom install, consider which options you want users to see during 
installation. You can make the necessary modifications to the corresponding configuration files 
while making other custom install changes. 


1. Set up the Novell Client Install on a NetWare Server. 

2. (Optional) Create a custom configuration (unattend) file. 

3. (Optional) Modify the installation options in the acu.ini file. 
4 


. Deploy the client installation using the selected method. 


Default Network New Installation (Network Server Decision Tree Option 5) 


The following is the procedure required to complete the default installation of the Novell Client on 
workstations that do not have the Novell Client installed but have a connection to the network. 


1. Set up the Novell Client Install on a NetWare Server. 
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2. Deploy the client installation using the selected method. 


Custom Network New Installation (Network Server Decision Tree Option 6) 


The following is the procedure required to complete the custom installation of the Novell Client on 
workstations that do not have the Novell Client installed but have a connection to the network. 


TIP: Before you set up a custom install, consider which options you want users to see during 
installation. You can make the necessary modifications to the corresponding configuration files 
while making other custom install changes. 


1. Set up the Novell Client Install on a NetWare Server. 

2. (Optional) Create a custom configuration (unattend) file. 

3. (Optional) Modify the installation options in the acu.ini file. 
4 


. Deploy the client installation using the selected method. 


4.2.2 Web Server Installation Options 


The following are Web server installation options as described on the Novell Client Installation 
Decision Tree (Figure 4-8 on page 29). 
Web Server Update Agent Default Upgrade (Web Server Decision Tree Option 1) 


The following is the procedure required to complete the default Web server upgrade of the Novell 
Client on workstations that already have the Novell Client installed with Update Agent configured. 


1. Set up the Novell Client Install on a Web Server. 
2. Launch Novell Client Update Agent from the Red N menu or Automatically. 
Web Server Update Agent Custom Upgrade (Web Server Decision Tree Option 2) 


The following is the procedure required to complete the custom Web server upgrade of the Novell 
Client on workstations that already have the Novell Client installed with Update Agent configured. 


TIP: Before you set up a custom install, consider which options you want users to see during 
installation. You can make the necessary modifications to the corresponding configuration files 
while making other custom install changes. 


. Set up the Novell Client Install on a Web Server. 


. (Optional) Create a custom configuration (unattend) file. 


1 

2 

3. (Optional) Modify the installation options in the acu.ini file. 

4. (Optional) Modify the installation options in the cuagent.ini file. 
5 


. Launch Novell Client Update Agent from the Red N menu or Automatically. 


Web Server Default Install (Web Server Decision Tree Option 3) 


The following is the procedure required to complete the default Web server installation of the 
Novell Client on workstations that already have the Novell Client installed without Update Agent 
configured. 
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1. Set up the Novell Client Install on a Web Server. 
2. Create and configure the setupip.exe download executable. 


3. Distribute the download executable. 


Web Server Custom Install (Web Server Decision Tree Option 4) 


The following is the procedure required to complete the custom Web server installation of the 
Novell Client on workstations that already have the Novell Client installed without Update Agent 
configured. 


TIP: Before you set up a custom install, consider which options you want users to see during 
installation. You can make the necessary modifications to the corresponding configuration files 
while making other custom install changes. 


1. Set up the Novell Client Install on a Web Server. 

2. (Optional) Create a custom configuration (unattend) file. 

3. (Optional) Modify the installation options in the acu.ini file. 
4 


. Distribute the download executable. 


Web Server Support Pack Default Install (Web Server Decision Tree Option 5) 


The following is the procedure required to complete the default Web server installation of the 
Novell Client Support Pack on workstations that already have the Novell Client installed. 


1. Set up the Novell Client Install on a Web Server. 
2. Create and configure the setupip.exe download executable. 


3. Distribute the download executable. 


Web Server Support Pack Custom Install (Web Server Decision Tree Option 6) 


The following is the procedure required to complete the custom Web server installation of the 
Novell Client Support Pack on workstations that already have the Novell Client installed. 


TIP: Before you set up a custom install, consider which options you want users to see during 
installation. You can make the necessary modifications to the corresponding configuration files 
while making other custom install changes. 


. Set up the Novell Client Install on a Web Server. 


. (Optional) Create a custom configuration (unattend) file. 


1 
2 
3. (Optional) Modify the Support Pack installation options in the setupsp.inf file. 
4. (Optional) Modify the installation options in the acu.ini file. 

5 


. Distribute the download executable. 


4.3 Novell Client Installation Procedures 


This section contains detailed information about the specific procedures required to complete 
various types of network server and Web server installations of the Novell Client. Because each of 
these procedures might apply to several installation types, each process is described separately. For 
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more information on how to combine these procedures into a complete installation solution, see 
Section 4.2, “Understanding Which Installation Process to Use,” on page 28. 


4.3.1 Setting Up the Novell Client Install on a NetWare Server 


1 Ona NetWare server, log in to a server as Admin or as a user with Admin equivalence. 


Make sure that you have rights to copy files to a network folder that all users can access, as 
well as rights to modify login scripts. 


2 Create a folder in sys: public. 
For example: 
sys:\public\client 
3 Copy the Novell Client winnt directory to the folder. 
See Section 2.4, “Locating the Latest Client Software,” on page 14. 


If you are installing the client in only one language or if your network does not have enough 
space to accommodate multiple language directories, you can delete the language directories 
that you do not need from the nls directory under each client directory. To ensure that you have 
all necessary files, copy the entire client directory and then delete only the extra language 
directories. 


4 Create a Group object in the eDirectory™ tree. 
Place into that group users whose workstations need to be installed or upgraded. 
6 Make sure that the group has the Read and File Scan rights to the folder that you created. 


If you created a folder in sys: public, the new folder should have Read and File Scan rights 
already associated with it, but you should make sure that these rights have not been changed. 


7 (Conditional) If you want the results of the installation to be added to a status log file, make 
sure that the group has the Write right to that file and enable status logging in the acu.ini or 
cuagent.ini file (see “Modifying the ACU Configuration File” on page 41 or see “Creating the 
Configuration File (Unattend File)” on page 44). If you did not create the status log file prior to 
running the network installation, you must give users the Create and Write rights to the 
directory. 


A status log file records the success or failure of the installation. when each workstation 
completes its installation, the status log file is appended to include information on that 
workstation. 


8 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.2 Setting Up the Novell Client Install on a Web Server 


Before you can distribute the Novell Client from a Web Server, you must first set up the installation 
directory on the Web server. 


1 Create an installation directory on the HTTP Web server where you want users to install from. 


2 Do one of the following: 
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Full Novell Client Installs or Upgrades: Copy the winnt directory to this directory. For more 
information on locating the latest Novell Client software, see Section 2.4, “Locating the Latest 
Client Software,” on page 14. 


For Support Pack Installs: Create the following directory structure: 
winnt\i386\sp 
and place the Support Pack files in that SP directory. 


TIP: The IP address specified in the WriteIP utility must be a location on a Web server that 
contains the Support Pack files. If the IP address specified in the WriteIP utility is a location on 
a Web server that contains both the client and the Support Pack files (in an overlay), both the 
client and Support Pack files are downloaded, however, only the Support Pack install launches. 
Creating a directory called SP within the winnt\i386 directory and placing the Support 
Pack files in that SP directory avoids unnecessary download of Client files. The Web download 
utility downloads only the files in the sp directory and launches the Support Pack install. 


You can copy the files to up to five different Web servers in order to provide access during 
peak times. 


IMPORTANT: Ensure that you preserve the case, date, and time of the directories and files 
that are copied to the Web server. This is especially important on Web servers that are case 
sensitive, such as Linux servers. 


3 Complete any additional procedures outlined in the installation type you selected. 


4.3.3 Creating the Setupip.exe Download Executable 


You can install the Novell Client software from a Web server. Using the WRITEIP utility, you can 
create a small executable called SETUPIP that downloads the Novell Client install files from a Web 
server and launches the Novell Client install. 


1 Run the writeip.exe utility located in winnt\i386\admin. 


For more information on downloading Novell Client, see Section 2.4, “Locating the Latest 
Client Software,” on page 14. 


2 Specify the IP address or DNS name of the Web server and the path to the client files. 


You can specify up to five locations. Each location is checked in the order in which they are 
listed until a connection is made. If you select Choose IP Address at Random, the order in 
which the locations are checked is selected randomly. This balances the load across the Web 
servers. 


For example: 
http://111.111.11.1/client 
or 
http://mycompany.com/client 
3 Specify download options, such as the location for downloading the client installation files. 
Files can be downloaded to a temporary or specific directory. 


If you select Allow User to Change the Download Directory, the user is prompted for the 
location of the download directory and can change the default location. 


If you do not select Delete Install Files after Install Is Compete, the Novell Client installation 
files remain on the workstation in the specified path or temporary directory. 
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4 Specify client install launch options. 


Support Pack Install: Only the Support Pack software is downloaded and installed, if needed. 
For specific information on setting up the directories correctly on the Web server, see Section 
4.3.2, “Setting Up the Novell Client Install on a Web Server,” on page 33. 


Automatic Client Upgrade: The client install runs only if the client software is a later version 
than the one currently installed on the workstation. For more information, see “Modifying the 
ACU Configuration File” on page 41. 


Unattend File: The installation reads the configuration file in order to configure the client 
properties. This file should be placed in the same folder as the installation utility. For more 
information, see “Creating the Configuration File (Unattend File)” on page 44. 


5 Click OK. 


Setupip.exe is created. Writeip.ini, which stores the options you selected in 
writeip.exe, is also created. 


6 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.4 Distributing Setupip.exe 


Distribute setupip.exe by placing it on a Web site, sending it through e-mail, or distributing it 
on a diskette. 


When users double-click setupip.exe, the executable downloads the client install files from the 
specified IP address and launches the Novell Client installation. 


4.3.5 Setting Up the Novell Client Update Agent 


IMPORTANT: This procedures is just one of the steps required to complete installation of the 
Novell Client on multiple workstations. For more information on how this procedure combines with 
other procedures to create an install method, see Section 4.2, “Understanding Which Installation 
Process to Use,” on page 28. 


You can simplify future client software upgrades by enabling the Novell Client Update Agent. The 
Update Agent can be run manually at any time from the Red N menu or can be run automatically 
when users log in to the network. 


If it is run automatically, the Update Agent determines if the preconfigured number of days have 
elapsed since the last upgrade check and then checks the specified location for a newer version of 
the client. If a newer version is found, the new install is launched. You can preconfigure the interval 
of days as well as the location of the newer client version. 


IMPORTANT: Before workstations can check to see if updates are available, the Update Agent 
must be configured during a software installation or by using Automatic Client Upgrade (ACU). Or, 
you can configure Update Agent on each machine locally through the Novell Client Property Pages. 
For more information, see Section 4.3.7, “Enabling the Novell Client Update Agent,” on page 39. 


1 Create a configuration (unattend) file by running the Novell Client Install Manager utility 
(nciman.exe). 
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See “Creating the Configuration File (Unattend File)” on page 44. 
2 Click Client, then click the Update Agent tab. 
3 (Optional) Check the Enable Automatic Update Agent option and set the launch interval. 


4 Select the Update Location option and specify the Update Location path (mapped drive, UNC 
path or URL). 


5 (Optional) Select the Previous Install Location option. 


This causes the Previous Install Location to be used if the Update Location cannot be found. If 
the Update Agent should use only the Previous Install Location, deselect the Update Location 
option. 

6 (Conditional) If the user does not have the Administrator right on the workstation, select the 
Administrator Rights option. 


Novell Client must be installed by a user that has administrative rights on the workstation. If 
this option is selected, Update Agent runs as a user with administrative rights and the 
installation is completed. If this option is not selected and the user does not have administrative 
rights, the Update Agent does not run and the user is prompted that he does not have the correct 
rights. 


7 To save the file in the correct location, complete the steps in “Creating the Configuration File 
(Unattend File)” on page 44. 


8 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.6 Modifying the Update Agent Configuration File 


1 Locate the cuagent.ini file in the admin directory. 
2 Modify the cuagent. ini file settings. 


The cuagent . ini file enables you to configure the following settings: 


Option Description Settings 


[AgentStatus] Specifies whether the Update Agent is configured. If Disabled=Yes | No 
configured, the rest of the .ini file is read. If disabled, the (Default: No) 
Agent does not look for an update to the Client 


[LaunchUpdate Specifies whether the Client Install is launched. When set Launch=Yes | No 
] to Yes, the Update Agent determines if an update is (Default: Yes) 
needed and then launches the necessary update. When 
set to No, the Update agent determines if an update is 
needed but does not launch the necessary update. 


[Redirection] Specifies a path to redirect the Update Agent to a Location=path_to_upd 
different location for Novell Client files. This is useful if ate 
you need to locate the files on a different server. 


The path can be a mapped drive, UNC path, or URL. 


You can redirect the Update Agent five times (once in 
each of five different cuagent.ini files located in different 
locations). 
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Option 


[UpdatePrompt 
] 


[AgentFiles] 


Description 


Specifies whether users are prompted to begin the 
update and notified about the location the update will run 
from. 


Display specifies whether users are prompted to update 
Novell Client. 


Display Location specifies whether users are notified 
about the location that the update is to run from. 


Administrator Message specifies additional text that 
appears when the user is prompted to start an update. 


Specifies whether the Update Agent software should be 
updated before the Novell Client update occurs. 


This option lets you update the Update Agent if newer 
software is available with features that you want to use or 
if the Update Agent has a defect. Then, the newer Update 
Agent completes the Client software update. 
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Settings 
Display=Yes | No 


DisplayLocation=Yes | 
No 
(Default: No) 


AdministratorMessage 


message_from_admini 
strator 


Update=Yes | No 
(Default: No) 
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Option Description Settings 


[AgentSettings] Specifies settings located on the Novell Client Update Update=Yes | No 
Agent Property Page. If you change settings in the (Default: No) 
cuagent.ini file, these changes are made in the Registry 
and appear in the Novell Client Update Agent Property 
Page. These changes go into effect the next time the 
Update Agent is run. 


EnableAutomaticUpdat 
eAgent=Yes | No 


UpdateAgentLaunchint 


Update specifies whether the settings are transferred erval=interval_in_days 


from the .ini file to the workstation’s registry. EnableUpdateLocation 


Enable Automatic Update Agent specifies whether the =Yes | No 
Update Agent is launched automatically. The Update 
Agent checks for a new version of the Novell Client at the 


designated interval and from the designated locations. 


UpdateLocation=updat 
e_location_path 


The Update Agent is launched as a part of the login EnablePreviousInstallL 
process. ocation=Yes | No 
Update Agent Launch Interval sets the interval (in AdministratorRights=Y 


days) that the Novell Client Update Agent checks for a es | No 
new version of the Novell Client. 


Enable Update Location specifies whether the Novell 
Client Update Agent looks for a new version of the Novell 
Client in the designated update location. 


The Update Agent checks for updates in the following 
order of configured locations: 1) Update Location, 2) 
Previous Install Location. 


The Update Agent looks in each configured location for 
valid file types and stops when it locates any. Ensure that 
you have the latest files in the first location that the 
Update Agent searches. 


Update Location specifies the update location (mapped 
drive, UNC, or URL). 


Enable Previous Install Location specifies whether the 
Novell Client Update Agent looks for a new version of the 
Novell Client in the previous install location. 


Administrator Rights specifies whether the Novell 
Client Update Agent has administrative rights on the 
workstation. The Update Agent must have these rights to 
update the Novell Client. This is useful when the user 
who logs in to the workstation is not the workstation 
Administrator user. If this setting is set to No, the Update 
Agent is launched with the rights of the currently logged- 
in user. 
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Option Description Settings 


[ClientSettings] Update specifies whether Novell Client Update Agent Update=Yes | No 
looks for Novell Client property page updates. (Default:No) 


Unattend File specifies the name of the configuration UnattendFile=/og_file_ 
(unattend) file that contains property page settings. This path 


file should be in the same location as the Update Agent. 
DisplayPrompt= Yes | 


Display Prompt specifies whether users are prompted to No 
update client settings. (Default: No) 


Display Location specifies whether users are notified DisplayLocation=Yes | 
about the location from which the update will run. No 


(Default: No) 
Administrator Message specifies additional text that 


appears when users are prompted to update. AdministratorMessage 


message_from_admini 
strator 


[StatusLogging Specifies whether a status log is created and where itis | Use=Yes | No 
located. (Default: Yes) 


File=/log_file_path 


Copy this files to the i386 directory. 
Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.7 Enabling the Novell Client Update Agent 


“Enabling Novell Client Update Agent during a Client Install or Upgrade” on page 39 


“Enabling Novell Client Update Agent Using ACU Without Installing Novell Client Software” 
on page 40 


“Enabling Novell Client Update Agent on a Local Workstation” on page 40 


Enabling Novell Client Update Agent during a Client Install or Upgrade 
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Select your type of the Novell Client installation. 


You must select an install process that allows you to modify the client properties (meaning it 
cannot be a default install type because the default installs do not modify any configuration 
files or settings). 


For more information on selecting an installation type, see Section 4.2, “Understanding Which 
Installation Process to Use,” on page 28. 


During the installation process, create a custom configuration (unattend) file to modify the 
properties. 


For more information, see “Creating the Configuration File (Unattend File)” on page 44. 


In the Novell Client Install Manager (nciman. exe), double-click Client, click the Update 
Agent tab, then make the following changes: 


3a Select Enable Automatic Update Agent. 
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3b (Optional) To launch Update Agent automatically at a set interval, select Enable 
Automatic Update Agent and then set the launch interval (in days). 


If Update Agent is not set to launch automatically, users can still launch it from the Red N 
menu whenever an update needs to be run. 


3c Specify an update source location. 


You can select either a specific location on the network or the previous install location (if 
you intend to place updates in the same location as the last install). Update Agent always 
looks in the specified location for new files. 


4 Continue changing additional configuration settings to create your custom configuration 
(unattend) file, then click OK. 


5 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


Enabling Novell Client Update Agent Using ACU Without Installing Novell Client 
Software 


1 Modify the acu.ini file so that the [UpdateA gentSettings] section of the .ini file is set to 
UPDATE=YES. 


See “Modifying the ACU Configuration File” on page 41 for more information. 


2 Change the desired Update Agent settings in the [UpdateA gentSettings] section of the 
acu.ini file. 


3 Run ACU through the login scripts. 
See “Distributing Novell Client Using Login Scripts” on page 49. 


The next time users log in, ACU runs and changes to the Update Agent settings are made. The 
Update Agent is configured and checks for updates as specified in the settings. 


Enabling Novell Client Update Agent on a Local Workstation 
1 At the user's workstation, right-click the Red N icon on the status bar. 
2 Click Novell Client Properties. 
3 Click the Update Agent tab. 
4 Set the properties that you want to change. 


TIP: Help for all the Property pages is available directly on the property pages by clicking the 
Question Mark (?) or right-clicking and then selecting What's This? Also, this information and 
additional information on other settings is available in the August 2004 AppNotes® article 


Novell Client 4.9 SP2: initialization, Login and Settings (http://www.novell.com/coolsolutions/ 
appnote/620.html). 


5 Click OK to make the changes and close the property pages. 


4.3.8 Installing Support Packs 


The Support Pack installs only a subset of client files and does not require a version change for the 
Client. Support Packs can also be added to the Client (in an overlay manner) to allow the installation 
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of both the Client and the Support Pack in one step. Depending on the installation option you use to 
deploy Support Packs, the process differs slightly. 


For example, if you choose one of the Web Server installation options, the IP address specified in 
the WriteIP utility must be a location on a Web server that contains the Support Pack files. If the IP 
address specified in the WriteIP utility is a location on a Web server that contains both the Client 
and the Support Pack files (in an overlay), both the client and Support Pack files are downloaded; 
however, only the Support Pack install launches. Creating a directory called sp within the 
winnt\i386 directory and placing the Support Pack files in that sp directory avoids unnecessary 
download of client files. The Web download utility downloads only the files in the sp directory and 
launches the Support Pack install. 


In addition, Novell Client property page settings cannot be changed using the default Support Pack 
installation because only a subset of the Novell Client files are changed. If you need to install a 
Support Pack and update properties, you must either complete a full client installation that has the 
Support Pack files in an overlay or use the Update Agent to run both the Support Pack installation 
and update the Novell Client properties. 


For more information on selecting an installation option, see Section 4.2, “Understanding Which 
Installation Process to Use,” on page 28. 


4.3.9 Modifying the ACU Configuration File 


IMPORTANT: This procedure is just one of the steps required to complete installation of the 
Novell Client on multiple workstations. For more information on how this procedure combines with 
other procedures to create an install method, see Section 4.2, “Understanding Which Installation 
Process to Use,” on page 28. 


The Automatic Client Upgrade utility (acu.exe) determines whether the client needs to be updated 
and lets you specify several installation options. 


1 Open the acu. ini file located in the folder that you created on the server. 


2 Modify the configuration options. 


IMPORTANT: If you use a configuration (unattend) file to configure the Novell Client and 
you are using acu. exe, you must change the [UNATTENDFILE] option to Yes in the 
acu.ini file. 


Option Description Settings 

[Launchinstall] Specifies whether Setup is launched after Launch=Yes | No 
acu.exe determines that the installation is (Default: Yes) 
necessary. 

[DisplayDialog] Specifies whether users are prompted to Display=Yes | No 
begin the upgrade. (Default: Yes) 

[UnattendFile] Specifies whether a configuration Use=Yes | No 
(unattend) file is used and where it is (Default: No) 
located. 


File=configuration_file_path 
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Option Description 


[StatusLogging] Specifies whether a status log is created 
and where it is located. 


If you did not create a status log file prior to 
installation, it is now created and placed in 
the installation directory on the network or 
in the directory specified in the File setting. 


[AdministratorMessa Specifies additional text that appears when 
ge] the user is prompted to start an ACU. 


[ClientLocallnstall] Specifies whether the installation is copied 
to a specified local directory and run 
locally. 
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Settings 


Use=Yes | No 
(Default: No) 


File=log_file_path 


Message=the_message_you 
want_to_appear 


Locallnstall=Yes | No 
(Default: No) 


LocalDirectory=directory_wher 
e_you_want_the_installation_c 
opied 

(Default: 
c:\novell\clientlocalinstall) 


DeleteLocallnstall=Yes | No 
(Default: No) 


TIP: If you want to delete the 
files after the installation is 
complete, set 
DeleteLocallnstall=Yes. 


Option 


[UpdateAgentSetting 
s] 


Description 


Specifies the Novell Client Update Agent 
Property Page settings. 


IMPORTANT: Use this section to set the 
Update Agent settings if you do not already 
have Update Agent installed and 
configured. If it is installed and configured, 
make changes in the cuagent.ini file. 


If you change settings, these changes are 
made in the Registry and appear in the 
Novell Client Update Agent Property Page. 
These changes go into effect the next time 
the Update Agent is run. 


Update specifies whether the settings are 
transferred from the .ini file to the 
workstation’s registry. 


Enable Update Agent specifies whether 
the Update Agent is configured. This 
setting specifically applies to workstations 
running Novell Client version 4.90 SP2 that 
are upgrading Novell Client software. 
Selecting this option enables Update Agent 
to perform the software update. 


Enable Automatic Update Agent 


specifies whether the Update Agent is 
launched automatically. The Update Agent 
checks for a new version of the Novell 
Client at the designated interval and from 
the designated locations. The Update 
Agent is launched as a part of the login 
process. 


Update Agent Launch Interval sets the 
interval (in days) that the Novell Client 
Update Agent checks for a new version of 
the Novell Client. 


Enable Update Location specifies 
whether the Novell Client Update Agent 
looks for a new version of the Novell Client 
in the designated update location. 


The Update Agent checks for updates in 
the following order of configured locations: 
1) Update Location, 2) Previous Install 
Location. 


The Update Agent looks in each configured 
location for valid file types and stops when 
it locates them. Ensure that you have the 
latest files in the first location that the 
Update Agent searches. 


Update Location specifies the update 
location (mapped drive, UNC, or URL). 


Enable Previous Install Locat 
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specifies whether the Novell Client Update 


Settings 


Update=Yes | No 
(Default: No) 


EnableUpdateAgent=Yes | No 


EnableAutomaticUpdateAgent 
=Yes | No 


UpdateAgentLaunchInterval=in 
terval_in_days 


EnableUpdateLocation=Yes | 
No 


UpdateLocation=update_locati 
on_path 


EnablePreviousInstallLocation 
=Yes | No 


AdministratorRights=Yes | No 


Option Description Settings 


[Uninstall] Specifies which network components are IPX=Yes | No 
uninstalled. Users are prompted to reboot (Default: No) 


after the uninstall is complete. 
CMD=VYes | No 


IPX specifies whether IPX™ is uninstalled. (Default: No) 


CMD specifies whether Compatibility Mode Client=Yes | No 
is uninstalled. (Default: No) 


Client specifies whether Novell Client is NDPS=Yes | No 
uninstalled. (Default: No) 


NDPS specifies whether Novell Distributed WorkstationManager=Yes | No 
Print Services™ is uninstalled. (Default: No) 


Workstation Manager specifies whether | NAL=Yes | No 
Workstation Manager, a component of (Default: No) 
ZENworks®, is uninstalled. 

ImagingService=Yes | No 
NAL specifies whether Novell Application (Default: No) 


Launcher™, a component of ZENworks, is 
uninstalled. RemoteManagement=Yes | No 


(Default: No) 
Imaging Service specifies whether 
Imaging Service, a component of NICI=Yes | No 
ZENworks, is uninstalled. (Default: No) 


Remote Management specifies whether © NMAS=Yes | No 
Remote Management, a component of (Default: No) 
ZENworks, is uninstalled. Netldentity=Yes | No 


NICI specifies whether Novell International (Default: No) 
Cryptographic Infrastructure (NICI_) is 


ünihstalled. AdministratorMessage= 


message_from_administrator 


NMAS specifies whether Novell Modular 
Authentication Services (NMAS™) is 
uninstalled. 


Netldentity specifies whether Netldentity 
is uninstalled. 


Administrator Message specifies 
additional text that appears when the 
uninstall begins. 


3 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.10 Creating the Configuration File (Unattend File) 


IMPORTANT: This procedures is just one of the steps required to complete installation of the 
Novell Client on multiple workstations. For more information on how this procedure combines with 
other procedures to create an install method, see Section 4.2, “Understanding Which Installation 
Process to Use,” on page 28. 
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The Novell Client installation reads a configuration (unattend) file generated by the Novell Client 
Install Manager in order to customize the installation process and to configure the Novell Client 
settings. 


Figure 4-9 Novell Client Install Manager 


Re Untitled - Novell Client Install Manager 


Configuration options for Windows NT/2000/XP F Pa 


© Installation a 


Location Profiles 

Œ- Advanced Login 
DSCAT Contextless Login 
Update Agent 
LDAP Contextless Login 
Service Location 


TIP: If you want to use the registry settings on this workstation, dick Import Registry. 


TIP: You can import the settings from a workstation that has been previously configured and save 
them to the configuration file. After you set up the workstation, click File > Import Registry to 
import the settings. 


The configuration (unattend) file created by the Novell Client Install Manager provides information 
such as property page settings and installation settings. This file should be placed in the same folder 
as the installation utility. 


NOTE: If you are installing the client with the default settings, you do not need to create or modify 
the configuration files. Skip this process and proceed to Chapter 5, “Setting Client Properties,” on 
page 51. 


1 Start Novell Client Install Manager (nciman.exe). 


Novell Client Install Manager is located in the winnt\1I386\admin folder that you copied 
to the server. 


2 Modify the installation options as needed. 


2a Inthe Configuration Options list box, double-click the installation option that you want to 
modify. 


2b On the selected property page, set the parameters and then click OK. 
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Installation Configuration 


Remote Management NDPS ZENworks Imaging Services 
Setup Client Workstation Manager || NAL Agent 

Display initial screen 

[Accept license agreement 

Update all components if any are out of date 

Install NMAS 

Install NICI 

C install Netidentity 

Reboot Options 

© Ask for reboot upon completion 

© Reboot upon completion 

C Force reboot regardless of other applications 

© Dont ask and dont reboot 

Protocol Mode 

OIP only [C Remove IPX i present 

O IP with IPX Compatibility 

OIP and IPX 

©OIPX 

© Curent or Default Protocol 


The values that you set appear in the Novell Client Install Manager's right list box after 
you close the property page so that you can see a list of all parameters that have been 
modified. 


3 Modify the Client Properties as needed. 


For example, if your network uses LDAP, you can enable contextless login. Or, you might 
want to change the welcome screen bitmap. 


For more information on the Client Properties, see Chapter 5, “Setting Client Properties,” on 
page 51 and Chapter 7, “Managing Login,” on page 67. Or, right-click any property to view its 
help information. 


4 Click File > Save. 
You can use any filename (for example, unatt_xp.txt). 


5 Copy this file to the winnt \i386 directory. 


IMPORTANT: The path to the text file cannot contain long filenames. 


6 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.11 Modifying the Support Pack Configuration File 


IMPORTANT: This procedures is just one of the steps required to complete installation of the 
Novell Client on multiple workstations. For more information on how this procedure combines with 
other procedures to create an install method, see Section 4.2, “Understanding Which Installation 
Process to Use,” on page 28. 


The Novell Client Support Pack utility lets you control how Support Packs are pushed out to 
workstations by modifying the setupsp.inf file to define install custom settings. 


1 Open the setupsp. ini file located in the folder that you created on the server. 


2 Modify the Support Pack options section only. 
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IMPORTANT: Do no change the Client Version and Support Pack Version settings. 


Option 


Reinstall 


DisplaylnstallPrompt 
s 


UpdateNICI 


UpdateNMAS 


UpdateNetldentity 


Description 


Specifies whether setupsp.exe reinstalls 
the already installed Support Pack on the 
workstation. 


Yes: Setupsp.exe runs and reapplies 


updates even when the workstation already 


has the current Support Pack applied. 


No: Setupsp.exe checks to ensure that the 


Support Pack on the workstation is the 


most current one and does not reinstall if it 


is current. 


Specifies whether users are prompted 
during the Support Pack installation. 


This setting does not affect 
RebootOnCompletion or 
PromptOnCompletion. 


Specifies whether Novell International 
Cryptographic Infrastructure (NICI) is 
updated. 


Specifies whether Novell Modular 
Authentication Services (NMAS) is 
updated. 


Specifies whether Netldentity is updated 
even if an older version is detected. 


Installing and Upgrading the Novell Client on Multiple Workstations 


Settings 


Reinstall=Yes | No 
(Default: No) 


DisplaylnstallPrompts=Yes | 
No 
(Default: Yes) 


UpdateNICl=Yes | No 


(Default: YES) 


UpdateNMAS=Yes | No 
(Default: Yes) 


UpdateNetldentity=Yes | No 
(Default: Yes) 
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Option Description Settings 


RebootOnCompletio Specifies whether the workstation is RebootOnCompletion=Prompt 


n rebooted after the Support Pack install is | Yes | No 
completed. (Default: Prompt) 


Prompt: Users are prompted to decide 
whether or not to reboot the workstation. 


NOTE: The PromptUserOnCompletion 
setting has no affect if 
RebootOnCompletion is set to Prompt. 


Yes: The workstation is rebooted upon 
completion. This setting can be used in 
conjunction with the 
PromptUserOnCompletion setting to force 
the reboot and alert users that the reboot 
must occur. 


No: The workstation is not rebooted upon 
completion. This setting can be used in 
conjunction with the 
PromptUserOnCompletion setting to 
advise the user that the update is 
complete. However, there is no forced or 
prompted reboot of the workstation. 


PromptUserOnComp Specifies whether users are prompted that PromptUserOnCompletion=Ye 
letion a update has occurred and (optional) that s | No 
the workstation needs to be rebooted. (Default: Yes) 


Yes: Displays a prompt explaining that the 
update is completed. If this setting has 
been used in conjunction with 
RebootOnCompletion=Yes, the 
workstation is rebooted when the user 
clicks OK. 


No: Does not display a prompt for users. If 
this setting has been used in conjunction 
with RebootOnCompletion=Yes, the 
workstation is rebooted without warning. 


3 Complete any additional procedures outlined in the installation type you selected. 


For more information on selecting the type of installation needed, see Section 4.2, 
“Understanding Which Installation Process to Use,” on page 28. 


4.3.12 Selecting a Network Server Distribution Option 


After you have set up your network installation of the Novell Client, you must decide how to 
distribute the install files. You can modify the login script to launch installation files, distribute the 
files through ZENworks or use another method you have available on your network. 


For more information on using login scripts, see “Distributing Novell Client Using Login Scripts” 
on page 49. For more information on using ZENworks, see the documentation associated with the 
installed version of ZENworks. 
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Distributing Novell Client Using Login Scripts 


IMPORTANT: This procedures is just one of the steps required to complete installation of the 
Novell Client on multiple workstations. For more information on how this procedure combines with 
other procedures to create an install method, see Section 4.2, “Understanding Which Installation 
Process to Use,” on page 28. 


You need to modify login scripts for users whose workstations are upgraded. 

To upgrade workstations for users in a container, modify that container's login script. 
To upgrade workstations for users in a profile, modify that profile's login script. 

To upgrade specific users' workstations, modify those users' login scripts. 


To upgrade a workstation running bindery-based client software (such as Microsoft Client for 
NetWare Networks which ships with Windows 95 or Windows 98), edit the system login script 
(sys:public\net$log.dat). 


You can create or modify a user login script using either ConsoleOne® or iManager. 


Using iManager 
1 Click Roles and Tasks > User Management > Modify User. 
2 Specify a username and context, then click OK. 
3 Click General > Login Script. 
4 Type the login script commands and information in the login script text box. 


For a sample of the login script commands that you need to add to the scripts, see “Sample 
Client Installation Login Script” on page 50. 


IMPORTANT: Make sure that you edit the sample login script to match the server names, 
directory paths, and specifications of your own network. 


For additional information on all login script commands, see the Novell Login Scripts Guide. 


5 To save the login script, click OK. 


Using ConsoleOne 
1 Double-click the object whose login script you want to create or modify. 
2 Click Login Script. 
3 Type the login script commands and information into the login script text box. 
For a sample of the login script commands that you need to add to the scripts, see “Sample 


Client Installation Login Script” on page 50. 


IMPORTANT: Make sure that you edit the sample login script to match the server names, 
directory paths, and specifications of your own network. 


For additional information on all login script commands, see the Novell Login Scripts Guide. 
4 To save the login script and close the Details dialog box, click OK. 


If the login script that you just created was a container or user login script, you're finished and 
the client software installs or updates the next time users log in. 
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If the login script that you just created was for a Profile object, you must associate the User 
object with the Profile object and make the User object a trustee of the Profile object. See 
“Getting Around the One User and One Profile Login Script Restriction” in the Novell Login 
Scripts Guide. 


Sample Client Installation Login Script 


The following sample shows the commands that you add to the login script in order to install the 
client software from the network. The sample includes text for installing across an internal network. 


NOTE: In this sample, the text that is necessary to the script is represented in uppercase letters. The 
information that you should customize for your network is in lowercase letters. 


REM ***** Windows 2000/XP ***** 

IF OS = “winnt” 
WRITE “Updating Novell Client for Windows 2000/XP.” 
#\\serverl\sys\public\client\winnt\i386\acu.exe 
IF “SERROR LEVEL” = “1” THEN 

EXIT 


END 
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Setting Client Properties 


You can optimize the Novell® Client™ for your network by using property pages to configure 
protocol support, optimize performance, configure optional client parameters, and set a variety of 
other parameters. 


By default, the client is configured for high speed with moderate use of memory and data protection. 
You can adjust the client to optimize its performance in any of these areas. However, optimizing the 
client in one area might lessen performance in other areas. 


TIP: Help for all the Property pages is available directly on the property pages by clicking the 
question mark (?) or right-clicking and then selecting What's This? Also, this information and 
additional information on other settings is available in the August 2004 AppNotes® article Novell 
Client 4.9 SP2: Initialization, Login and Settings (http://www.novell.com/coolsolutions/appnote/ 
620.html). Also, a short description of each Advanced Menu setting is available in the Description 
field when you select the option. 


This section discusses the following ways to set properties: 


¢ Setting Properties During Installation (page 51) 

¢ Setting Properties on a Single Workstation after Installation (page 52) 
e Setting Properties on Multiple Workstations after Installation (page 52) 
e Using DHCP (page 53) 


5.1 Setting Properties During Installation 
Use the Novell Client Install Manager to set properties for one or more workstations before an 
unattended install. This method saves you from having to set each workstation individually. 


1 Start the Novell Client Install Manager (nciman . exe) located in the winnt\i386\admin 
folder. 


2 Modify the installation options as needed. 


2a Double-click the configuration option that you want to modify in the Installation 
Configuration list box. 


2b In the property pages, set the parameters and then click OK. 
The values that you set appear in the right list box. 


TIP: You can set up one workstation the way you want other workstations to be set up, 
then use the Novell Client Install Manager to import the settings from that workstation's 
registry and save them to the configuration file you will use during the ACU install. After 
you set up the workstation, click File > Open Registry to import the settings into the 
Novell Client Install Manager. 


For information about setting properties on a single workstation, see Section 3.3, 
“Configuring Network Protocols,” on page 18. 


3 Click File > Save. 


Setting Client Properties 


51 


You can save the file with any filename that you want to use. For example, you could rename 
the file novell.txt and then use it in conjunction with an installation method: 


¢ In an installation type using ACU with the file name specified. 
For more information, see Chapter 4, “Installing and Upgrading the Novell Client on 
Multiple Workstations,” on page 21. 

« At the command line by specifying the filename with the /U option. 


For more information, see Chapter 3, “Installing the Novell Client on a Single 
Workstation,” on page 17. 


¢ In the Web installation executable created by writeip.exe. 


For more information, see Section 4.3.3, “Creating the Setupip.exe Download 
Executable,” on page 34. 


5.2 Setting Properties on a Single Workstation 
after Installation 


1 At the user's workstation, right-click the Red N icon on the status bar. 
2 Click Novell Client Properties. 
3 Set the properties that you want to change. 


Help for all the Property pages is available directly on the property pages by clicking the 
question mark (?) or right-clicking and then selecting What's This? This information and 
additional information on other settings is also available in the August 2004 AppNotes article 
Novell Client 4.9 SP2: Initialization, Login and Settings (http://www.novell.com/ 
coolsolutions/appnote/620.html). 


4 Click OK to set the changes and close the property pages. 


5.3 Setting Properties on Multiple Workstations 
after Installation 

You can also set properties on multiple workstations after installation using the Novell Client 
Update Agent. 


1 Make sure that Update Agent is configured on each workstation and that the Update Location 
has been specified. 


You can check the Update Agent settings in the Novell Client Properties. 


Update Agent can be configured during installation or after installation by enabling it on each 
workstation or using Automatic Client Upgrade. See “Enabling Novell Client Update Agent on 
a Local Workstation” on page 40 or “Enabling Novell Client Update Agent Using ACU 
Without Installing Novell Client Software” on page 40. 


2 Using the Novell Client Install Manager, create a configuration (unattend) file with the desired 
property settings. 


3 Copy the configuration (unattend) file to the i386 directory in the Update Location. 


4 Copy the cuagent.ini file from the admin directory to the i386 directory in the Update 
Location. 
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5 Modify the cuagent. ini file in the Update Location so that the [ClientSettings] section has 
the following settings: 


Update=YESUnattendFile=name of the_unattend_file 
6 (Optional) Make any additional changes to the cuagent.ini file. 

For example, you might want to modify the Display Prompt or Administrator Message settings. 
7 Run the Update Agent from the workstation. 

See “Setting Up the Novell Client Update Agent” on page 35. 


After settings are updated, the pathname, date, and time of the configuration (unattend) file is 
displayed in the Last Client Configuration Settings File on the Update Agent Property Page. 


5.4 Using DHCP 


If a DHCP server is set up on your network, the DHCP server can inform the Novell Client of 
network-specific configuration information. 


You can easily configure Novell DHCP servers (NetWare® 5 and later) to distribute this information 
to the clients. See the server configuration documentation for your NetWare product at the Novell 
documentation Web site (http://www.novell.com/documentation) for more information. 


Clients obtain configuration information from DHCP even when you statically configure the clients' 
IP addresses or even when the DHCP server used to supply the information is different from the 
DHCP server supplying an IP address to the clients. 


5.4.1 Using DHCP as an eDirectory Server Name Service 
Provider 


You can set up a DHCP server to inform Novell Client workstations that use the IP protocol about 
an eDirectory™ tree name and the IP addresses of servers that are on that tree. When using this 
feature, it is best to specify the IP addresses of the closest eDirectory servers containing partitions 
with the user information. 


5.4.2 Using DHCP to Distribute SLP Configuration Information 


You can configure the following SLP parameters through DHCP: 


e IP Address of SLP Directory Agents 
e SLP Scopes 


5.4.3 Using DHCP to Distribute IPX Compatibility Information 


You can configure the following IPX™ Compatibility parameters through DHCP: 


« IP Address of Migration Agents 
e CMD Network Number 
e Migration Agent List Stale Time 
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Managing File Security and 
Passwords 


This section explains the following: 


e NetWare File Security (page 55) 

e Managing Passwords (page 56) 

¢ Using Forgotten Password Self-Service (page 59) 

¢ Setting Up Passwords in Windows (page 63) 

° Setting Up AutoAdminLogon for Windows (page 63) 


6.1 NetWare File Security 


Novell® NetWare® networks restrict access to network files and folders based on user accounts. For 
example, a user connected to the network using the Administrator account might be able to delete or 
rename a file that other users can only open and edit. 


The NetWare file system keeps track of the rights that users have to files and directories on the 
network. When users try to access any file on a NetWare network, NetWare either grants access or 
prohibits certain things that users can do with the file. 


Rights are granted and revoked by creating trustee assignments. For more information, see 
“Changing Trustee Assignments” on page 55. 


File rights apply only to the file that they are assigned to. The rights can be inherited from the folder 
that contains the file. Folder rights apply not only to the folder but also to the files and folders it 
contains. 


6.1.1 Checking File or Folder Rights 


1 In Windows Explorer or My Network Places, right-click the file that you want to check. 
2 Click Properties > NetWare Rights. 
3 In the Trustees box, click the user account. 


The rights to the file or folder are displayed on the right-hand side. 


6.1.2 Changing Trustee Assignments 


You must have the Access Control right to change trustee assignments. 
1 In Windows Explorer or My Network Places, right-click the file that you want to check. 
2 Click Properties > NetWare Rights. 


3 Add trustees, remove trustees, or change the rights granted to trustees as needed. 


Trustee assignments override inherited rights. 
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To change an Inherited Rights Filter, click the Inherited Rights and Filters button on the NetWare 
Rights property page. 


6.1.3 Combining Multiple Trustees 


As an administrator, you might need to apply the same trustee assignments to a group of selected 
files. You can combine trustee assignments by selecting the Combine Multiple Trustees option on 
the NetWare Rights page. 


1 In Windows Explorer or My Network Places, click a file. 
2 Press and hold Control while clicking additional files. 
3 Right-click the selected files. 
4 Click Properties > NetWare Rights. 
The Combine Multiple Trustees option is enabled. 


This option is available only if you're viewing the NetWare rights for multiple files or folders. 
Additionally, at least one of the files or folders must have at least one trustee assignment. The 
trustees and rights shown are the combined trustees and rights for all the files. 


5 Select or deselect the Combine Multiple Trustees option. 


If you select this option, the trustee assignments that are shown are applied to all selected files 
after you click OK or Apply. 


For example, Kim is a trustee of file_a and file_b. Kim has Read, File Scan, and Access 
Control rights for file_a and Read and File Scan rights for file_b. If you select file_a and file_b 
and view their properties, Kim is shown as a trustee with Read, File Scan, and Access Control 
rights. 


If you select Combine Multiple Trustees and then click OK, Kim is given the Access Control 
right for file_b. Therefore, Kim now has Read, File Scan, and Access Control rights for both 
file_a and file_b. 


6 Click OK or Apply. 


6.2 Managing Passwords 


Starting with NetWare 6.5 and eDirectory™ 8.7.3, Novell provides password management tools that 
help administrators secure the network with stronger passwords and reduce password management 
by enabling end users to manage their own passwords. This set of tools is referred to as Universal 
Password. 


With Universal Password, users can employ a single username and password to access networks, 
applications, devices, Internet sites, online services, portals, and more. Administrators can reduce or 
eliminate the mundane task of resetting user passwords when they are forgotten or lost. Universal 
Password also manages multiple types of password authentication methods from disparate systems 
and provides extended password management capabilities. Universal Password is made possible by 
Novell Modular Authentication Services (NMAS™), advanced authentication technology that 
allows for multiple methods of authentication, including simple passwords, smart cards, biometrics, 
tokens, and digital certificates. 


Universal Password uses eDirectory plus NMAS to create just that-a “universal password” which is 
used for access to all resources. This common password type-taking the place of the combination of 
simple passwords, NDS® passwords, and enhanced passwords in eDirectory-allows for the 
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enforcement of strong password policies, such as minimum or maximum number of characters, a 
combination of alpha and numeric characters, and forced password reset. 


In addition, password policies let users set a hint for their passwords. If a password is entered 
incorrectly or is forgotten, users can click on the Password Help button and retrieve the hint they 
entered to help them remember their password. This reduces administrator time spent resetting 
forgotten passwords. 


For more information on deploying universal passwords, see the Universal Password Deployment 
Guide in the Novell Modular Authentication Services 3.0 Administration Guide (http:// 
www.novell.com/documentation/nmas30/admin/data/allq21t.html) and Managing Passwords by 
Using Password Policies (http://www.novell.com/documentation/password_management/ 
pwm_administration/data/ampxjj0.html) in the Novell Password Management Administration 
Guide. It is important that you understand the requirements for using these advanced password 
policies before rolling out any password changes to your network. 


In the Novell Client 4.91 for Windows 2000/XP and later, the Novell Client takes advantage of 
several of the features provided in Universal Passwords, including 
e Stronger password policies set in iManager. 


e Display of password requirements on the Change Passwords screen so that users know what 
policies you have set for passwords. 


e Access to password hints to help users remember their passwords. 
¢ Support for changing passwords. 


e Challenge-response for password reset. 


6.2.1 Creating Strong Passwords 


Password policies allow you to set strong password policies such as minimum or maximum number 
of characters, a combination of alpha and numeric characters, and forced password reset. You set 
password policies in Novell iManager and then assign them to users. Administering passwords by 
using Novell iManager automatically sets the Universal Password to be synchronized to simple and 
NDS password values for backwards compatibility. The NMAS task in iManager allows for 
granular management of individual passwords and authentication methods that are installed and 
configured in the system. 


For more information on setting up password policies in iManager, see Managing Passwords by 
Using Password Policies (http://www.novell.com/documentation/password_management/ 
pwm_administration/data/ampxjj0.html) in the Novell Password Management Administration 
Guide. Make sure that you read this documentation and understand the requirements before rolling 
out any password changes to your network. 

Then, use the Password Policy Wizard in iManager to set up the policies. 


1 Make sure you have completed the steps in Prerequisites for Using Password Policies. These 
steps prepare you to use all the features of password policies. 


2 In iManager, click Password Management > Manage Password Policies. 
3 Click New to create a new Password Policy. 


4 Follow the steps in the wizard to create Advanced Password Rules, Universal Password 
Configuration Options, and Forgotten Password selections for the policy. 
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For information about each step, see the online help as well as the information in Managing 
Passwords by Using Password Policies (http://www.novell.com/documentation/ 

password _management/pwm_administration/data/ampxjj0.html) in the Novell Password 
Management Administration Guide. 


6.2.2 Displaying Password Requirements for End Users 


Password policies ensure that passwords adhere to administrator-defined criteria. The user can 
examine these criteria by clicking the Password Policy or Policy button on any of the Change 
Password dialog boxes. 


Figure 6-1 Change Password Dialog Box 


Change Password 


‘You are changing passwords for the users 
listed below on the selected resources: Old Password: 


Resource User Name 
Aİ BC-TEST550 admin 
PCCPR_TREE test 


New Password: 


Confirm New Password: 


Password Hint 


Password Policy 
Show All Resources 


Figure 6-2 Change Expired Password Dialog Box 


Change Password 


Password expired for: 
CCPR_TREE\testCR 


Enter new password: 


Retype new password: 


The following is an example of the password criteria displayed in the Novell Client Login Screen. 
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Figure 6-3 Novell Client Password Policy 


Password Policy 


CCPR_TREE¢testCR.cpr 
User Can Change Password 
Password Required 
Minimum Password Length: 3 
Maximum Password Length: 12 
Maximum Number of Uppercase Characters: 7 
Maximum Use of a Character: 


Administrator's Message 


CCPR_TREE/testCR.cpr 
It's time to change your password again! 


6.3 Using Forgotten Password Self-Service 


You can use the Password Policy wizard in iManager to create a Password Policy, which provides 
users with the ability to recover from a forgotten password without contacting the help desk. 


The following features are supported: 


¢ Using the “Did You Forget Your Password?” Link (page 59) 
e Using Hints for Remembering Passwords (page 61) 


IMPORTANT: Before using Password Self-Service, review the information about Managing 
Passwords by Using Password Policies (http://www.novell.com/documentation/ 

password _management/pwm_administration/data/ampxjj0.html) in the Novell Password 
Management Administration Guide. 


Other applications that use the Universal Password might be able to use additional features such as 
Reset Self-Service and Challenge Sets. 


6.3.1 Using the “Did You Forget Your Password?” Link 


When you click the Did you forget your password? link on the Novell Login screen, the system 
invokes the Forgotten Password Policy specific to the user. The following three options are 
supported by the Novell Client for Windows: 

e Display a password hint. 


e Authenticate via Challenge Response and show a password reminder (requires eDirectory 8.8 
or later). 


e Authenticate via Challenge Response and reset the password. 


NOTE: The Novell Client does not support forgotten actions that involve e-mailing the 
password or the hint to the user. 
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Figure 6-4 Novell Client Login Screen 


Novell Client for Windows 4.91 SP2 


Novelle Client™ for Windows’ 


Username: ‘testCR 


Password: 


C Workstation only Did you forget your password? 


a ee 


NOTE: The Did you forget your password? link is available in Novell Client 4.91 Support Pack 2 
and later. Beginning in SP 2, the Client prompts users to populate the Challenge Response set if they 
log in and the sets have not been entered. 


The workstation administrator can choose to display or not display the Did you forget your 
password? link on the Novell Login dialog box. 


1 Right click the Red N, then click Novell Client Properties. 
2 Click the Advanced Login tab. 
3 Set the Forgotten Password Prompt option to On or Off. 


Before the Did you forget your password? link can work, you must complete the following: 


0 “Configuring Password Self-Service” on page 60 
Q) “Configuring Challenge/Response Settings” on page 60 


If you click the link before Password Self-Service is set up, you receive an error. If the administrator 
changed or set up a new policy, you are prompted on log in. 


IMPORTANT: Not all features of Forgotten Password Self-Service are implemented with the 
Novell Client at this time, including e-mailing passwords and hints. 


Configuring Password Self-Service 


Before users can use the Did you forget your password? link, the administrator must configure 
Password Self-Service and the user has to enter the optional information (password hint or responses 
to challenge questions). The administrator should also upgrade to eDirectory 8.8 or later. See 
Password Self-Service (http://www.novell.com/documentation/password_management/ 
pwm_administration/data/bqf5d1r.html) in the Novell Password Management Administration Guide 
for more information. 


Configuring Challenge/Response Settings 


After the administrator configures the challenge sets and password policies, users need to provide 
their information for the challenge sets in either of the following two ways: 
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e Right-click the Red N, then click User Administration > Challenge/Response Administration. 
Depending on how the administrator configured the challenge sets, users enter their 
information in the screens presented. For example, if the administrator specifies three questions 
in the challenge set, users enter information in three different dialog boxes. 


e Ifthe administrator selected the Force user to configure Challenge Questions and/or Hint upon 
authentication option on the Forgotten Password page in iManager, the client prompts users to 
enter this information when they log in and their challenge set information is missing or out of 
date. 


Figure 6-5 Forgotten Password Page in iManager 


Novell iManager - Mozilla Firefox 
File Edit View Go Bookmarks Tools Help 
af g ) A [O _https://cientcpro9/nps/servlet/webacc 
LJ * L) Next >> |] Customize Links |] Free Hotmail || Windows |) Windows Media 


ADMIN a= 
‘Collection Owner Access a g Żx = a N 


a Roles and e Ti Password Policy: egoample Password Policy.Password Policies. Security 


[All Categories] FAJE] 


Policy Summary \ Universal Password AZT- CIETA Policy Assignment 
© Directory Administration 


eDirectory Trees 
i Groups Select an action for a forgotten password request. The most secure method of user verification is to use challenge 

r3 sets, which require a user to answer a set of questions to prove his or her identity. Alternatively, you may select an 
= Help Desk 


= LDAP 


action that occurs without the user answering a challenge set. 


E NMAS | Enable Forgotten Password 
Novell Certificate Access Challenge Set 


E Novell Certificate Server Require a challenge set 
& Partition and Replicas Sample Challenge Set k 


E Passwords 
Uaa Use the Challenge Sets task to add a new Challenge Set to your list. 
Password Policies 
Policy Assignments 
Set Universal Password Choose an action: 
Allow user to reset password (Requires challenge set and Universal Password options) 


Action 


) ® 


E-mail current password to user (Requires challenge set and Universal Password options) 


bd 


E-mail hint to user 


> ¢ 


Create User 
Delete User 
Disable Account 
Enable Account 
Modify User 
Move User <<Force user to configure Challenge Questions and/or Hint upon authentication> 
Rename User 


Show hint on page 


C 


© 


To configure e-mail notifications, see Modify E-Mail Templates under Notification Configuration. 


Authentication 


cientcpro9 &@ Adblock 


6.3.2 Using Hints for Remembering Passwords 


If you specify a Forgotten Password Action that requires Password Hint, users will be required to 
enter a hint that is a reminder of their password. The Password Hint is checked to make sure that it 
does not contain the user’s password. Users must enter a new hint every time they change their 
password. 
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Figure 6-6 Define Password Hint Dialog Box 


Define Password Hint 


Notice: Password policy requires that you set up your Password Hint. 
Please enter a password hint to help you remember your password. 


Username: testCR 


Password Hint: || 


If a user clicks the Did you forget your password? link on the Novell Login screen, a dialog box 
containing their password hint is displayed. 


Figure 6-7 Forgotten Password Hint Dialog Box 


Forgotten Password: Hint: ccpr_tree/testCR.cpr [x] 


Password Hint: Without the vowels 


If a user enters an erroneous password, the login program displays an error message prompting them 
to retype their password or click the Did you forget your password? link. 


Figure 6-8 Password Error Dialog Box 


Novell Security Message 
ds The system could not log you into the network. 
Make sure your name and connection information are correct, then type your password again. 


If you have forgotten your password, click the forgotten password link. 


If the policy action is to show a hint but the user did not enter a hint for their current password, an 
error message is displayed telling the user to contact their system administrator to reset their 
password and to enter a hint the next time they set their password. 


Figure 6-9 Forgotten Password Error Dialog Box 


Forgotten Password: Error 


The administrator has enabled the Forgotten Password Policy on your account, but you don't have a password hint, IF you 
can't remember your password, contact the administrator to reset your password, then enter a hint when you set your 


password.: ccpr_tree/fptestu6.cpr 


Users can also create a hint at any time using the Change Password window available at log in or by 
pressing Ctrl + Alt+ Delete then clicking Change Password. 
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Figure 6-10 Change Password Dialog Box 


Change Password 


‘You are changing passwords for the users — — 
listed below on the selected resources: Old Password: 


Resource User Name 
GPBC-TEST5S50 admin 
QP CCPR_TREE _testCR 


New Password: 


Confirm New Password: 


Password Hint 


L Show All Resources 


6.4 Setting Up Passwords in Windows 


We recommend that you configure workstations to not use any of the Microsoft password 
restrictions available in User Manager. Novell Client works best if password restrictions are set in 
eDirectory. 


6.5 Setting Up AutoAdminLogon for Windows 


Windows 2000 and Windows XP can automate the logon process by storing passwords and other 
pertinent information in the Registry database. 


WARNING: There is a security risk to using the AutoAdminLogon feature. Usernames and 
passwords in the registry are visible to users. This feature also allows other users to start the 
computer and use the account to automatically log on even if the workstation is locked. Refer to the 
Microsoft recommendations on when to use AutoAdminLogon. For more information, see TID # 
10052847 at Novell's Support Web site (http://support.novell.com/cgi-bin/search/ 

tidfinder.cgi? 10052847). 


Use Registry Editor (regedit .exe) to add the needed logon information. 


WARNING: Using Registry Editor incorrectly can cause serious, systemwide problems that might 
require reinstalling Windows. 


TIP: To bypass the AutoAdminLogon process, and to log in as a different user, hold down the Shift 
key after a logout or after a Windows restart. 


6.5.1 AutoAdminLogon Options 


This section lists the options that you can choose from when setting AutoAdminLogon. To set the 
options, use the procedure in “Setting the AutoAdminLogon Options” on page 65. 


Additional information on AutoAdminLogon is also available in Technical Information Document # 
10052847 on the Novell Technical Support Web Site (http://www.novell.com/support). 
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For Windows Workstation Only 


Key: hkey_local_machine\software\microsoft\ 


windowsnticurrentversion\winlogon Key: hkey_local_machine\software\novell\ login 


AutoAdminLogon=1 AutoAdminLogon=0 


DefaultDomain or Local WorkstationName=Name of 
Domain or Local Workstation 


DefaultUserName=Windows User Name 


DefaultPassword=Windows Password for the 
DefaultUserName specified above 


For Windows Workstation and NetWare 


Key: hkey_local_machine\software\microsoft\ 


windowsnticurrentversion\winlogon Key: hkey_local_machine\software\novell\ login 


AutoAdminLogon=1 AutoAdminLogon=1 
DefaultDomain or Local WorkstationName=Name of DefaultLocationProfile=Name of the Location 
Domain or Local Workstation Profile that contains the information about the 

, Novell User to log in to the NetWare network such 
DefaultUserName=Windows User Name as Username, Tree, Context, and Server. 
DefaultPassword=Windows Password for the DefaultPassword=Novell Password for the 
DefaultUserName specified above DefaultUserName specified in the Location Profile 


Location profiles let you save a user's specific login information. The profile automatically sets up 
login information such as the user's name, server, tree, context, login script, and other applicable 
information so that the user does not have to type this information. For more information, see 
Section 7.3, “Setting Up Location Profiles,” on page 68. 


NOTE: The Credential information in the Location Profile is not used. The user information in the 
registry is used instead. 


For NetWare Only Using Dynamic Local User (DLU) for Windows 


Key: hkey_local_machine\software\microsoft\ 


windowsnticurrentversion\winlogon Key: hkey_local_machine\software\novell\ login 


AutoAdminLogon=0 AutoAdminLogon=1 


DefaultLocationProfile=Name of the Location 
Profile that contains the information about the 
Novell User to log in to the NetWare network such 
as Username, Tree, Context, and Server. 


DefaultPassword=Novell Password for the 
DefaultUserName specified in the Location Profile 
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Location profiles let you save a user’s specific login information. The profile automatically sets up 
login information such as the user’s name, server, tree, context, login script, and other applicable 
information so that the user does not have to type this information. In this case, the location profile 
must specify an eDirectory user with Dynamic Local User (DLU) privileges on the Windows 
workstation. For more information, see Section 7.3, “Setting Up Location Profiles,” on page 68. 


For Windows with Query for NetWare 


Key: hkey_local_machine\software\microsoft\ 
windowsnt\currentversion\winlogon 


AutoAdminLogon=1 


DefaultDomain or Local WorkstationName=Name of 
Domain or Local Workstation 


DefaultUserName=Windows User Name 


DefaultPassword=Windows Password for the 
DefaultUserName specified above 


For NetWare under Terminal Server 


Key: hkey_local_machine\software\microsoft\ 
windowsnt\currentversion\winlogon 


Turn Off AutoAdminLogon 


Key: hkey_local_machine\software\microsoft\ 
windowsnt\currentversion\winlogon 


AutoAdminLogon=0 


Key: hkey_local_machine\software\novell\ login 


AutoAdminLogon=0 
AutoAdminQueryNDS=1 


IMPORTANT: AutoAdminQueryNDS must be a 
DWORD value instead of a string value. 


Key: hkey_local_machine\software\novell\ login 


AutoAdminLogon=1 


DefaultLocationProfile=Name of the Location 
Profile that contains the information about the 
Novell User to log in to the NetWare network such 
as Username, Tree, Context, and Server. 


DefaultPassword=Novell Password for the 
DefaultUserName specified in the Location Profile 


Key: hkey_local_machine\software\novell\ login 


AutoAdminLogon=0 


6.5.2 Setting the AutoAdminLogon Options 


1 Start Registry Editor (regedit . exe). 


2 Locate the specified Registry keys and set the values as indicated. 


If a value does not exist, click Edit > New > String Value, type the name of the value, and then 
press Enter. All the values should be string values except for AutoAdminQueryNDS, which 
must be a DWORD value instead of a string value. 
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IMPORTANT: If no DefaultPassword string is specified, the value of the AutoAdminLogon 
key is automatically changed from 1 (True) to 0 (False), disabling the AutoAdminLogon 
feature. 


3 Exit the Registry Editor and log out of Windows. 


6.5.3 Changing Passwords in NetWare Login with 
AutoAdminLogon 


If AutoAdminLogon is enabled, be careful when running the NetWare Login utility from the icon in 
the NetWare (Common) group. When run as a standalone utility from the icon, NetWare Login does 
not recognize that the workstation is running AutoAdminLogon. 


If the primary connection's password expires when running NetWare Login from the icon, the user 
is given the chance to synchronize all NetWare and Windows passwords. Make sure that users do 
not synchronize the Windows password, because NetWare Login does not update the Registry 
setting for AutoAdminLogon. 
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Managing Login 


By completing the following, you can customize the Novell® Client™ login environment to suit 
your network and have greater control over what users can access during login. 

° Setting Up Login Scripts (page 67) 

° Setting Up Login Restrictions (page 67) 

e Setting Up Location Profiles (page 68) 

e Customizing the Novell Login Dialog Box (page 69) 

¢ Logging In to the Network (page 71) 

° Logging Out of the Network (page 72) 

° Setting Up LDAP Contextless Login and LDAP Treeless Login (page 72) 


7.1 Setting Up Login Scripts 


When a user successfully logs in to the network, one or more login scripts are executed which 
automatically set up the workstation environment. Login scripts are similar to batch files and are 
executed by the Novell LOGIN utility. You can use login scripts to map drives and search drives to 
directories, display messages, set environment variables, and execute programs or menus. 


For more information on setting up login scripts, see the Novell Login Scripts Guide. 


7.2 Setting Up Login Restrictions 


Login restrictions are limitations on user accounts that control access to the network. These 
restrictions can be set in Novell iManager or ConsoleOne® for each user and include the following: 


Requiring a password 


You can specify its minimum length, whether it must be changed and how often, whether it 
must be unique, and whether the user can change it. You can also require strong passwords. See 
Section 6.2, “Managing Passwords,” on page 56. 


Setting the number of logins with expired password and the number of incorrect login attempts 
allowed 


Setting account limits such as an account balance or expiration date 


Limiting disk space for each user by specifying the maximum blocks available for each user on 
a volume 


Specifying the number of simultaneous connections a user can have 


Specifying (by node address) which workstations users can log in on 


Restricting the times when users can log in (you can assign all users the same hours, or you can 
restrict users individually) 


When a user violates login restrictions by entering an incorrect password or the exceeding the 
number of logins with an expired password, the account is disabled and no one can log in using that 
username. This prevents unauthorized users from logging in. 
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7.3 Setting Up Location Profiles 


Location profiles let you save the information from a user's specific login to a location profile. When 
the user selects this profile during login, the profile automatically sets up login information such as 
the user's name, server, tree, context, login script, and other applicable information so that the user 
does not have to type this information. 


Location profiles are especially powerful for users who log in from multiple places. Users can have 
separate profiles for the office, home, laptop, or any other workstation they use. This simplifies the 
login process so that users do not have to remember their login information for each workstation. 
Using multiple location profiles also gives you control over what users can access from each 
workstation. 


You can create location profiles on a single workstation that are specifically customized for that 
user, or you can create location profiles that are more general in nature to be delivered during 
installation of the Novell Client for Windows using the Novell Client Install Manager. 


7.3.1 Creating a Location Profile on a Specific Workstation 
1 Right-click the Red N icon on the status bar, then click Novell Client Properties > Location 
Profiles. 
2 Type the name of the profile that you want to add, then click Add. 


3 From the Service menu, select one of the following: 


e Login Service (to configure login settings) 
e Connection Service (to configure your dial-up connection settings) 


4 From the Service Instance menu, do one of the following: 


e Select an existing service instance. 


e Type a name for a new service instance, then click Add to specify the settings for this 
service in the Novell Client Login window or Connection Services window. 


5 Click OK. 


7.3.2 Creating a Location Profile for Use on Multiple 
Workstations 


Location Profiles are one of many settings that can be predefined using a custom (unattend) 
configuration file that is applied during installation of the Novell Client. For more information, see 
“Creating the Configuration File (Unattend File)” on page 44. 
To create a location profile that will be distributed by Novell Client Install Manager: 

1 Start the Novell Client Install Manager to create a custom (unattend) file. 

2 Inthe Configurations Options window, click Client > Location Profiles. 

3 Type the name of the profile that you want to add, then click Add. 


4 From the Service menu, select one of the following: 


e Login Service (to configure login settings) 


e Connection Service (to configure your dial-up connection settings) 
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5 From the Service Instance menu, do one of the following: 


e Select an existing service instance. 


¢ Type a name for a new service instance, then click Add to specify the settings for this 
service in the Novell Client Login window or Connection Services window. 


6 Click OK. 


7 Inthe NCIMAN Parameter list, right click the location profile > Distribute and select whether 
to append or replace any existing location profiles already on the workstations. 


Appending an existing location profile merges the settings in this file with the settings that exist 
in the location profile already on a workstation. Replacing overwrites any existing location 
profile with this one. 


By default the new location profile item is automatically appended to any location profile that 
might exist on a workstation. 


WARNING: If you right-click and select Clear List and Distribute, the location profile you 
just created is deleted. 


8 Continue creating the configuration file. 
For more information, see “Creating the Configuration File (Unattend File)” on page 44. 
This file will be applied during the next client installation or can be run from a login script, by ACU, 
or by Update Agent. For more information on distribution methods, see Section 4.3.12, “Selecting a 


Network Server Distribution Option,” on page 48 and Section 4.1.1, “Understanding the Basic 
Novell Client Installation (setupnw.exe),” on page 21. 


7.3.3 Removing a Location Profile 


1 Right-click the Red N icon on the status bar, then click Novell Client Properties > Location 
Profiles to open the Novell Client property pages. 


2 Select the name of the profile that you want to remove, then click Remove > OK. 


7.4 Customizing the Novell Login Dialog Box 


The Novell Login dialog box can be customized to show the features that you want users to have 
access to. Customizing gives you control over the following: 


e Initial Novell login 


This disables the Novell Login window when the workstation is started. Users must then log in 
using the Red N menu or Start menu. 


NMAS authentication 


NMAS™ authentication adds additional security to the network. However, if your network 
does not use NMAS, login might take additional time and you might want to disable NMAS 
authentication. 


For more information, see “Disabling NMAS on the Server” in the Novell Modular 
Authentication Services 3.0 Administration Guide (http://www.novell.com/documentation/ 
nmas30/index.html?page=/documentation/nmas30/admin/data/am4bbpx.html). 
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IMPORTANT: In NCIMAN, you can control both the installation and use of NMAS. On the 
Installation > Setup page, there is an Install NICI and NMAS option. If you option when you 
create a configuration (unattend) file that is used to install multiple clients on your network, 
NICI and NMAS are not installed. In the Client > Advanced Login page, there is an NMAS 
Authentication option. If you deselect this option, Novell Client page does not use NMAS 
during authentication even if the component is installed. If the component is not installed and 
this option is selected, Novell Client login skips the NMAS authentication and installation 
continues. 


OEM extended ASCII password 


To enable the use of the OEM extended ASCII characters in passwords, select this option. You 
should use OEM extended ASCII characters only if you have legacy software that requires you 
to use the OEM Code Page. The latest versions of the Novell Client support extended ASCII 
characters using the UNICODE code page and do not need this setting to be enabled in order to 
handle special characters such as N or é. 


Default policy support 


After the user logs in to the network, the authentication server’s \sys\public\winnt 
directory is searched fora ntconfig.pol file. Ifthe file is found, the policy is applied to the 
user and workstation. 


Novell Login dialog box customization 


This dialog box can be customized to control the availability of certain login options. This 
gives you control over how users log in. 


Location list at the top of the dialog box 


Hiding the Location field is especially useful if you have set up only one location profile 
for a workstation. In this case, the Location field is not useful and might confuse or 
distract users. 


Advanced button 


If you have set up several location profiles and do not want users to change the data in 
various login fields (such as Tree, Context, Server, and Run Scripts), you can hide the 
Advanced button. 


Variables button on the Script tabbed page 


If you use %2, %3, %4, or %5 in the login script, you might want to set these values in the 
location profile but not allow users to change them. In this case, it might be helpful to hide 
the Variables button. 


Clear Connections check box 


If you want all connections to be cleared every time users log in, or if you don't want any 
connections to be cleared, you can set the value in the location profile and then hide the 
Clear Connections check box. 


NOTE: The Clear Connections check box is never visible during initial login, because an 
initial login automatically clears all connections. 


Workstation Only check box 


If you do not want to allow workstation-only logins—for example, if you want to require 
that users log in to NetWare” in order to use their workstations—you can hide the 
Workstation Only check box that appears under the Password field during an initial login. 
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Suppress Singles Sign-on for This Login check box 
This check box lets you disable the single sign-on process for the current login attempt. 
Tree field 


If the Novell Login dialog box is being used to log in to a specific tree, disable the Tree 
field to prevent users from changing the tree. 


Tree button 


If the Novell Login dialog box is being used to log in to a specific tree, disable the Tree 
button to prevent the user from changing the tree. 


Context field 


If the Novell Login dialog box is being used to log in to a specific tree, disable the Context 
field to prevent users from changing the context. 


Context button 


If the Novell Login dialog box is being used to log in to a specific tree, disable the Context 
button to prevent users from changing the context. 


Force Logoff button 


Force Logoff lets you terminate the previously logged-in user’s Novell Client session 
even if he locked the workstation. 


WARNING: Any unsaved work that the previous user had open is lost. To maintain open 
applications and current network connections, log in using the previously logged-in 
username and password. 


e Welcome screen 


You can customize the Welcome screen with a custom bitmap and caption. 


To show or hide any Login dialog box options: 


1 Right-click the Red N icon on the status bar, then click Novell Client Properties > Location 


Profiles to open the Novell Client property pages. 


2 Click Advanced Login. 
3 Inthe Show On Login section of the Advanced Login property page, select the items that you 


want to appear and deselect those that you do not want to appear. 


4 Click OK. 


7.5 Logging In to the Network 


IMPORTANT: We recommend that you do not use the command line LOGIN utility. 


There are several ways to initiate a Novell Client login after users have already logged in to 
NetWare or to the local workstation: 


Right-click the Red N icon on the status bar, then click Novell Login. 
Right-click Network Neighborhood, then click Novell Login. 
Click Start > Programs > Novell (Common) > Novell Login. 


In Network Neighborhood, double-click the desired tree or server and the Novell Login loads 
automatically. 
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¢ In Network Neighborhood, right-click the desired tree or server and then click either 
Authenticate or Login. 


e Run Lloginw32.exe from the command prompt. 


7.6 Logging Out of the Network 


To log in to new NetWare services while logging out of other servers or clearing the current 
connections, use the NetWare Client Login and select the Clear Current Connections option. 


If you want to log out of both the Windows workstation and NetWare, press Ctrl+Alt+Del and then 
click Logout. 


To log out of a specific server, right-click Network Neighborhood, click NetWare Connections, 
select the server or tree, and then click Detach. Or, right-click the Red N menu, click NetWare 
Connections, select the server or tree, and then click Detach. 


7.7 Setting Up LDAP Contextless Login and 
LDAP Treeless Login 


Several large Novell customers have used LDAP Contextless Login to facilitate the merging of 
several trees in to one global tree. Before LDAP Contextless Login, users were often plagued by 
having to change their context information in the login screen when changes took place in the tree 
structure. This resulted in IT costs to manage and support the change. LDAP Contextless Login 
makes it easier for users to work in the new global tree because it makes it unnecessary for the users 
to manage or know about changes to their organization's name or its placement in the hierarchy. 
Because users no longer need to enter their context to authenticate, the context can be changed on 
the back end as many times as necessary without the users having to know and without the costs 
associated with managing and supporting these changes. 


The Lightweight Directory Access Protocol (LDAP) is an Internet communications protocol that 
lets client applications access directory information. It is based on the X.500 Directory Access 
Protocol (DAP) but is less complex than a traditional client and can be used with any other directory 
service that follows the X.500 standard. Lightweight Directory Access Protocol (LDAP) Services 
for Novell eDirectory is a server application that lets LDAP clients access information stored in 
eDirectory. 


If your network has LDAP Services for Novell eDirectory set up on your eDirectory tree and you are 
running Novell eDirectory 8.5 or later, users who are logging in to the network from Windows can 
log in to the network without having to enter their context in the Novell Login screen. To log in, 
users need to know only their username, password, and the name of the tree that is running LDAP 
Services. Optionally, you can also have users log in to the network without having to specify the 
eDirectory tree name. 


User objects can be located in the tree by username or e-mail address. You can also enable wildcard 
searches. If wildcard searches bring up multiple usernames, the user is prompted to select his 
username. 


Generally, when a user connects to the network using LDAP, the connection is made through an 
LDAP client. Now, the Novell Client Login acts as an LDAP client and connects to the network. All 
LDAP clients bind (connect) to Novell eDirectory as one of the following types of users: 


e [Public] User (Anonymous Bind) 


72 Novell Client for Windows Installation and Administration Guide 


e Proxy User (Proxy User Anonymous Bind) 
* NDS® or eDirectory User (NDS User Bind) 


NOTE: The NDS User Bind is not used by LDAP Contextless Login. 


The type of bind and the rights assigned to the corresponding User object determine the content that 
the LDAP client can access. LDAP clients access a directory by building a request and sending it to 
the directory. When an LDAP client sends a request through LDAP Services for eDirectory, 
eDirectory completes the request for only those attributes that the LDAP client has the appropriate 
access rights to. There are additional restrictions that can be set to further secure connections. 


This documentation assumes that you are familiar with LDAP. It contains links to information about 
LDAP and eDirectory; it is not meant to replace or supersede the documentation about LDAP 
running on eDirectory. If you are unfamiliar with LDAP, you should familiarize yourself with 
LDAP and how it operates in your network. 


For more information on LDAP for Novell eDirectory, see “Understanding How LDAP Works with 
eDirectory” in the Novell eDirectory 8.7.3 Administration Guide. 


Before users can log in to the network without their context or tree information, you must complete 
the following steps: 
1 Set up Novell LDAP Services for eDirectory. 
See “Setting Up Novell LDAP Services for eDirectory” on page 73. 
2 Do one of the following: 
¢ If you are installing Novell Client software on a few workstations, install the software and 
then configure the Novell Client property pages so that the LDAP port number and SSL 


settings in the client properties match the settings on your LDAP server. See “Setting Up 
LDAP Contextless Login on One Workstation” on page 76. 


If you are installing Novell Client software on multiple workstations, preconfigure the 
LDAP contextless login property pages prior to installing the client software so that the 
LDAP port number and SSL settings in the client properties match the settings on your 
LDAP server (see “Setting Up LDAP Contextless Login on Multiple Workstations” on 
page 78). Then install the Client software. 


3 Inform users about contextless login. 
See “Logging In Using LDAP Contextless Login” on page 78. 
If you experience problems with LDAP Contextless Login, check the Server and Group object 
configurations. Most problems occur in the access rights given to the Proxy User. You can use any 
LDAP browser available from the Internet to check the access rights. Browse to the user and verify 
that you can read the inetOrgPerson property and other properties you are searching for, such as CN 


and MAIL. If these cannot be seen through the LDAP browser by logging in anonymously, 
contextless login cannot perform the proper searches to resolve the User object's context in the tree. 


7.7.1 Setting Up Novell LDAP Services for eDirectory 


Before users can take advantage of LDAP Contextless Login, the network must be running Novell 
LDAP Services for eDirectory 8.5 or later and you must have completed the following steps: 


1 Install and configure the LDAP Services for eDirectory on the LDAP server. 
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See “Understanding LDAP Services for Novell eDirectory” and “Configuring LDAP Services 
for Novell eDirectory” in the Novell eDirectory 8.7.3 Administration Guide. 


2 Do one of the following: 
e Grant the Read right to the Public Object. 


See “Connecting As a [Public] User” on page 74. 
e Create a Proxy User Object that has the correct rights. 


See “Connecting As a Proxy User” on page 74. 


Connecting As a [Public] User 


An anonymous bind is a connection that does not contain a username or password. If an LDAP 
client without a name and password binds to LDAP Services for eDirectory and the service is not 
configured to use a Proxy User, the user is authenticated to eDirectory as user [Public]. 


User [Public] is a nonauthenticated eDirectory user. By default, user [Public] is assigned the Browse 
right to the objects in the eDirectory tree. The default Browse right for user [Public] allows users to 
browse eDirectory objects but blocks user access to the majority of object attributes. 


The default [Public] rights are typically too limited for most LDAP clients. Although you can 
change the [Public] rights, changing them gives these rights to all users. Because of this, we 
recommend that you use the Proxy User Anonymous Bind. For more information, see “Connecting 
As a Proxy User” on page 74. 


To give user [Public] access to object attributes, you must do the following in iManager or 
ConsoleOne: 
1 Make user [Public] a trustee of the appropriate container or containers. 
2 Grant the Read right to user [Public]. 
Without the Read right, user [Public] cannot search containers for the User object information. 


You can grant the Read right to the specific attributes that LDAP Contextless Login searches 
for User objects or you can grant rights to all attributes. For example, you can grant rights only 
to the e-mail address or telephone number; when LDAP Contextless Login searches the tree as 
user [Public], it searches only these attributes. 


Connecting As a Proxy User 


A proxy user anonymous bind is an anonymous connection linked to an eDirectory username. If an 
LDAP client binds to LDAP for eDirectory anonymously, and the protocol is configured to use a 
Proxy User, the user is authenticated to eDirectory as the Proxy User. The name is then configured 
in both LDAP Services for eDirectory and in eDirectory. 


The key concepts of proxy user anonymous binds are as follows: 


¢ All LDAP client access through anonymous binds is assigned through the Proxy User object. 


¢ The Proxy User must have a null password and must not have any password restrictions (such 
as password change intervals). Do not force the password to expire or allow the Proxy User to 
change passwords. 


e You can limit the locations that the Proxy User can log in from by setting address restrictions 
for the Proxy User object. 
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The Proxy User object must be created in eDirectory and assigned rights to the eDirectory 
objects you want to publish. The default user rights provide Read access to a limited set of 
objects and attributes. Assign the Proxy User Read and Search rights to all objects and 
attributes in each subtree where access is needed. 


The Proxy User object must be enabled on the General page of the LDAP Group object that 
configures LDAP Services for eDirectory. Because of this, there is only one Proxy User object 
for all servers in an LDAP group. 


You can grant a Proxy User object rights to All Properties (default) or Selected Properties. In 
order for contextless login or treeless login to work, the Read right must be granted so that 
LDAP can search the container or tree for the User object. Typically, you assign the Proxy user 
rights to the Root of the tree so that LDAP can view the attributes of the User objects 
throughout the tree. However, you might want to restrict access by assigning the Read right 
only to individual Organizational Units that you want LDAP to search. 


For more information, see “Configuring LDAP Objects” in the Novell eDirectory 8.7.3 
Administration Guide. 


NOTE: LDAP Contextless Login requires clear text passwords to be enabled for LDAP. This does 
not affect the eDirectory password required during Login. They remain encrypted. 


To give the Proxy User rights to only selected properties on eDirectory 8.7 or later, complete the 
following steps. 


NOTE: LDAP Contextless Login works with eDirectory 8.5 or later. However, these steps apply 
specifically to eDirectory 8.7. If you are using a compatible version other than eDirectory 8.7, check 
the documentation that corresponds to your version for steps. 


In Novell iManager 


1 
2 
3 


Click the Roles and Tasks button. 
Click Rights Management > Modify Trustees. 


Specify the top container the Proxy User is to have rights over or click the Browse button to 
browse to the container in question, then click OK. 


4 On the Modify Trustees screen, click Add Trustee. 


O O ON CO 
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On the Contents screen, browse to and click the Proxy User's object. 


On the same screen, notice that the Proxy User's object appears in the Selected Objects area 
near the bottom. 


Click OK. 

On the Modify Trustees screen, click Assigned Rights for the Proxy User. 

Select the All Attributes Rights and Entry Rights options, then click Delete Property. 
Click Add Property, then select the Show All Properties in Schema options 


Select an inheritable right for the Proxy User, such as mailstop (in the lowercase section of the 
list) or Title, then click OK. 


To add additional inheritable rights, repeat Step 9 and Step 10. 
Click Done. 
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In ConsoleOne 


1 Right-click the top container that the Proxy User is to have rights over, then click Trustees of 
This Object > Add Trustee. 


2 Browse to the Proxy User, then click OK. 
3 Deselect the following: 


¢ The Browse right for the Entry Rights property 
¢ The Read and Compare rights for the All Attributes Rights property 
4 Click Add Property, then select the Show All Properties option. 


5 Select an inheritable right for the Proxy User, such as mailstop (in the lowercase section of the 
list) or Title, then click OK. 


To add additional inheritable rights, repeat Step 4 and Step 5. 
6 Click OK > Apply > Close. 
To implement proxy user anonymous binds on eDirectory 8.7 or later, you must create the Proxy 
User object in eDirectory and assign the appropriate rights to that user. Assign the Proxy User Read 


and Browse rights to all objects and attributes in each subtree where access is needed. You also need 
to enable the Proxy User in LDAP Services for eDirectory by specifying the same proxy username. 


In Novell iManager 
1 Click the Roles and Tasks button. 
2 Click LDAP Management > LDAP Overview. 
3 On the LDAP Overview screen, click the name of an LDAP Group object to configure. 
4 


In the Authentication Options area, type the name and context of an eDirectory User object in 
the Proxy User field. 


5 Click Apply > OK. 


In ConsoleOne 
1 Right-click the LDAP Group object. 
2 Click Properties > General. 
3 Type the name of an eDirectory User object in the Proxy Username field. 
4 Click OK. 


7.7.2 Setting Up LDAP Contextless Login on One Workstation 


After you have set up the LDAP Group object and assigned the correct rights to the User object that 
is associated with the proxy username, you need to set up LDAP Contextless Login on the 
workstations. 


If you want to install on a few workstations, complete these steps. If you want to install on many 
workstations, see “Setting Up LDAP Contextless Login on Multiple Workstations” on page 78. 


1 At the user's workstation, right-click the Red N icon on the status bar and then click Novell 
Client Properties. 


2 Click the LDAP Contextless Login tab. 
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Novell Client Configuration d 2x 


DSCAT Contextless Login | Update Agent | 
Default Capture | Protocol Preferences | 
Service Location | Advanced Settings | Advanced Menu Settings | 
Client | Location Profiles | Advanced Login | 

l 


LDAP Contextless Login Single Sign-on | DHCP Settings 


T Enable LDAP Treeless Login 
V Enable LDAP Contextless Login 
V Enable LDAP Context Search Scope 


Trees 


fe Add | 


Delete | 
Properties... 


Servers 
| Add | 
Delete | 
Properties | 


Settings... | 


3 Do one of the following: 


e To enable treeless login, select Enable Treeless Login. Enable Contextless Login is 
automatically selected for you because you must set up contextless login to enable treeless 
login. 

e To enable only LDAP contextless login, select Enable LDAP Contextless Login. 


4 Inthe Trees field, specify the name of an eDirectory tree running LDAP services and then click 
Add. 


5 Inthe Servers field, specify the IP address or DNS names of the server running LDAP services 
and then click Add. 


Order is important for speed and efficiency because servers are queried for their tree until one 
is found that matches the tree specified by the user. 


6 (Conditional) If this is the first time this server has been added to the list, check the server 
properties on the LDAP Server Properties page that appears to make sure that the timeout 
settings and data encryption settings are correct. 


If you are using Secure Socket Layer (SSL) to establish a secure connection, you must specify 
the path and name of the certificate on the workstation. You should also check to make sure 
that the correct port number is specified. 


7 (Conditional) If there are additional servers running LDAP, repeat Step 5 and Step 6 for each 
server. 


8 (Optional) Start searching for users in a certain context. 


8a Select Enable Context Search Scope. 
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8b Select the tree, then click Properties. 
8c Do one of the following: 
e To enable a search in the specified context and any containers in that context, select 
Search Context and Subtree. 
e To enable a search in the specified context only, select Search Context Only. 


8d Type the distinguished context delimited by commas (standard LDAP format), then click 
Add. 


For example: OU=TOK YO,O=DIGITALAIRLINE 


TIP: The LDAP property page does not ensure that this context is correct. If users have 
problems logging in, check that you typed this information correctly. 


8e (Optional) Add multiple contexts to be searched by repeating Step 8d for each context. 


The servers and contexts are searched in order. You can set the order they are searched by 
selecting a server or context and then clicking Up or Down to move its position in the 
search list. 


9 Click OK. 


10 (Optional) Specify additional eDirectory trees to use by repeating Step 4 through Step 9 for 
each tree. 


11 (Optional) Set the optional search and display parameters that LDAP Contextless login uses to 
search the eDirectory tree for users by clicking Settings. 


For example, because users do not need to specify their context, you might want to disable the 
Display Context parameter so that the context is not displayed during login. 


12 Click OK to effect the changes and close the property page. 


7.7.3 Setting Up LDAP Contextless Login on Multiple 
Workstations 


As with all property page settings, you can set these properties for multiple workstations both before 
and after installation. For more information, see Section 5.1, “Setting Properties During 
Installation,” on page 51 and Section 5.3, “Setting Properties on Multiple Workstations after 
Installation,” on page 52. 


7.7.4 Logging In Using LDAP Contextless Login 


When users log in to the network using LDAP Contextless Login, they must specify the necessary 
information based on the options you specified in the LDAP Contextless Login Settings Protocol 
page, the password, and the name of the tree running LDAP Services for eDirectory. The context 
information is added automatically to the Novell Login window when the username is found. 


If you choose to allow wildcard searches, users can perform a wildcard search and the LDAP 
database lists all possible users that meet the wildcard search criteria. 
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Printing to a Network Printer 


Printer setup can be automated so that users' workstations attach to the network printers they use 
each time they log in to the network. Users can use the network printers without having to manually 
connecting to the printer every time they want to print. 


After connecting to a network printer, users can select the printer from any application that they are 
using. See the application's documentation for information on using printers. 


This section includes the following: 


e Section 8.1, “Attaching to a Network Printer,” on page 79 
e Section 8.2, “Setting Up Point and Print,” on page 80 
e Section 8.3, “Printing DBCS Characters from DOS in Windows,” on page 81 


e Section 8.4, “Disabling NetWare Login Dialog Boxes Brought Up by the Print Provider,” on 
page 81 


8.1 Attaching to a Network Printer 


A printer driver for each type of printer must be installed on the workstations. 


Users can set up network printing on a workstation by specifying the name of the printer in any of 
the following programs: 

* Novell® iPrint 

e Windows Add Printer Wizard 

e Novell Capture Printer Port 
The following can automate printer connections so that the computer connects to network printers 
each time a user log in: 

* NetWare® Login Script 

e Restore Connections 


¢ Logon Script 


8.1.1 Setting Up Network Printing through the Windows Add 
Printer Wizard 


1 Click Start > Settings > Printers. 
2 Double-click Add Printer and follow the onscreen instructions. 
3 When prompted, click Network Printer Server and select a printer you want to use from the 
Shared Printers box. 
¢ For NetWare 4 or later networks, double-click Novell Directory Services® and find the 
context for the printer. Then select a Printer object from the list. 


e For NetWare 3 and bindery networks, double-click NetWare Servers. Then double-click 
the name of the server that supports the queues you want to use and select the queue. 
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4 (Conditional) If a dialog box prompts you to install a driver for the printer, click OK and install 
it. 


4a Select the name of the printer from the Driver box, then click OK. 
4b Type the path to the printer driver, then click OK. 


5 Run an application and select the network printer when you print. 
8.1.2 Specifying Capture Settings with Windows Printing 
Windows does not require captured printer ports to print to a network printer. Windows can use 


print devices that are associated with network printers. This allows applications to print directly to a 
network printer. 


e The CAPTURE utility does not affect Windows printer devices. 
e Captures are global. If you capture a printer port, the port is available for network printing from 
anywhere in Windows. 


Use the Capture Settings dialog box to specify printer settings for print captures created with 
Windows. This can be useful if you want to use a DOS or Windows 3.x application that relies on 
print captures and you can't put the capture in a login script. 
To access the Capture Setting dialog box: 

1 Right-click the Red N icon on the status bar. 

2 Click Novell Capture Printer Port. 

3 Type the correct information in the dialog box. 

4 Click Settings. 


These settings apply only to printer ports that are captured from Windows. Printer ports that are 
captured in a login script or from the command line do not use these settings. 


These settings do not apply to printers that appear in the Windows Printers folder. 


Changing the printer settings for a specific captured printer port does not change the default printer 
settings. 


8.2 Setting Up Point and Print 


1 Locate printer driver files from the Windows operating system CD-ROM or the Windows 
printer driver files supplied by the printer's manufacturer. 


Log in as Admin or as a user with Admin-equivalent rights for the printer or print queue. 
Select a printer or print queue in the Windows Explorer or Network Neighborhood. 


Click File > Properties > Setup Point and Print. 


a fF ON 


Specify the path for the printer driver files. 


You must be logged in to the tree or server where the path is located. You must also have 
sufficient rights for the specified directory to copy the files there. Users need Read and File 
Scan rights for the specified directory. 


6 Click Select Printer Model. 


7 Select the manufacturer of the printer. 
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8 Select the model of the printer. 
9 Click OK. 
The printer driver files are copied to the path specified in Step 5. 
10 Click OK again. 


8.3 Printing DBCS Characters from DOS in 
Windows 


In Windows, the default command window runs as a 32-bit process. In order to use the existing DOS 
printer driver for DOS-intrinsic commands, you must use a 16-bit command window. 


This allows DOS-intrinsic commands such as COPY and TYPE to use the print driver. 


The following instructions explain how to set up Windows to support this. These instructions also 
set up the Windows system to support the printer driver for DOS applications. 


1 Edit the autoexec.nt file, found in the ssystemroot%\system32 directory, adding the 
DOS printer driver for your specific printer after the following line: 


%SSYSTEMROOTS \SYSTEM32\VLMSUP. EXE 


Make sure that you copy the printer driver to the path you specify in the autoexec.nt file. 


2 Save acopy of the winnt_directory\system32\config.nt file with another 
filename, such as config.prt. 


3 Edit the new config file, adding the DOSONLY command to the file. 
4 Continue the setup process using the instructions for your specific version of Windows. 


4a Create a shortcut to the command.com program, found in the 
winnt directory\system32 directory. 


4b Right-click the shortcut icon, then click Properties. 


4c On the Program property page, click Windows and type the paths for the config and 
autoexec files that you created in Step | and Step 2. 


4d Double-click the shortcut icon. 
A DOS window opens. 


Only DOS applications can be run from this window, but anything that is printed is rendered by the 
printer driver that you installed. Any DOS commands that affect the print driver must be specified in 
this window. DOS applications can be started by any method. 


8.4 Disabling NetWare Login Dialog Boxes 
Brought Up by the Print Provider 


If users log in to a workstation but do not log in to NetWare and they have NetWare printers 
installed, they are prompted to log in to NetWare once by the QMS print provider and once by the 
NDPS® print provider. These login dialog boxes can be disabled if desired. 


Windows has two registry setting options for disabling login dialog boxes: 


e HKLM\SOFTWARE\Novell\Print\Delay Login\Delay Login=1 
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The print provider tells Windows that the printer is a NetWare printer even though the user is 
not authenticated. Then, the provider waits for an action that requires authentication is detected 
before displaying a login dialog box. 

e HKLM\SOFTWARE\Novell\Print\Never Login\Never Login=1 


The print provider never displays the NetWare login dialog, and print jobs sent prior to 
authentication fail. A message similar to the following is displayed: 


Error writing to \\TREE\QUE.context: A write fault occurred on the 
network. Do you wish to retry or cancel the job? 
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Uninstalling the Novell Client 


This section explains the following: 


e Uninstalling the Novell Client (page 83) 
¢ Uninstalling Network Components Using Update Agent or ACU (page 83) 
¢ Uninstalling Network Components during an Upgrade (page 83) 


9.1 Uninstalling the Novell Client 


1 Click Start > Settings > Control Panel. 
2 Double-click Add/Remove Programs. 
3 Locate and select the Novell® Client™ software, then click Change/Remove. 


The Novell Client software is removed. However, some files might stay on the workstation 
until it is rebooted. 


4 Reboot your workstation. 


9.2 Uninstalling Network Components Using 
Update Agent or ACU 


You can uninstall network components from Novell Client software using either the Update Agent 
(if it has been configured) or the Automatic Client Upgrade (ACU). This lets you uninstall 
components that are no longer in use in your network. 


1 (Conditional) If you are using the Update Agent to uninstall network components, ensure that it 
is has been configured. 


Update Agent needs to be configured during a software installation or upgrade. You can enable 
Update Agent using ACU or you can enable it locally on each workstation. See “Enabling 
Novell Client Update Agent Using ACU Without Installing Novell Client Software” on 

page 40 or see “Enabling Novell Client Update Agent on a Local Workstation” on page 40. 


2 Modify the acu.ini file so that the components you want to uninstall are set to Yes in the 
[UNINSTALL] section of the .ini file. 


See “Modifying the ACU Configuration File” on page 41 for more information. 
3 Run Update Agent or run ACU from the login script. 
See “Installing and Upgrading the Novell Client on Multiple Workstations” on page 21. 


The components are uninstalled. 


9.3 Uninstalling Network Components during an 
Upgrade 


If you are planning to upgrade to the next version of the Novell Client for Windows and you 
currently have one or more optional components installed that you would like to have uninstalled, 
you can accomplish both tasks at the same time. For example, if you currently have Novell 
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Distributed Print Services™ installed on a workstation and you want to uninstall it so that you can 
later install Novell iPrint, you can perform the uninstall of Novell Distributed Print Services while 
you are installing the next version of the Novell Client for Windows. 


There are two methods you can use to uninstall components during the upgrade process: 


e Modify the ACU configuration file (acu. ini) to uninstall components before the upgrade of 
the Novell Client 


e Create a configuration (unattend) file in NCIMAN and select components to be uninstalled. 


Using ACU 


1 Modify the [Uninstall] section of the acu.ini file and select YES for all components you want to 
uninstall. 


See “Modifying the ACU Configuration File” on page 41. 
2 Install the Novell Client using one of the network or Web-based installation methods. 


See Chapter 4, “Installing and Upgrading the Novell Client on Multiple Workstations,” on 
page 21. 


Using NCIMAN 
1 Create a configuration (unattend) file using nciman.exe. 
See “Creating the Configuration File (Unattend File)” on page 44. 
2 From the Installation group, select the components you want to remove. 


On the component’s property page, select Remove This Component for each component you 
want uninstalled. 


4 Save the configuration (unattend) file. 


5 Run Update Agent or run ACU from the login script and specify this configuration (unattend) 
file. 


See “Installing and Upgrading the Novell Client on Multiple Workstations” on page 21. 


The client software is installed and the unwanted components are removed. 
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Troubleshooting Issues 


This appendix provides troubleshooting information for the following known issues related to the 
Novell® Client™ for Windows: 

e Installation (page 85) 

° Login Restrictions Set for IPX/SPX Prevent User from Logging In (page 86) 

° Login Script (page 86) 

¢ Printing Issues (page 88) 

¢ Software Compatibility Issues (page 88) 


TIP: If you do not find a solution to your issue here, check the Novell Client Readme as well as the 
Novell Technical Support Web site (http://support.novell.com). 


A.1 Installation 


e Section A.1.1, “IPX Compatibility Mode and the IPX Internal Network Number,” on page 85 
e Section A.1.2, “Novell Client Cannot Install If Local Area Connection Page Open,” on page 85 


e Section A.1.3, “Uninstall Novell Client First When Upgrading the Windows Operating 
System,” on page 85 


° Section A.1.4, “NDPS Update Required on NetWare 5.1,” on page 86 


e Section A.1.5, “Password Issues,” on page 86 


A.1.1 IPX Compatibility Mode and the IPX Internal Network 
Number 


Workstations using IPX™ Compatibility Mode cannot have an IPX internal network number 
configured. If you have configured an IPX internal network number on your workstation and you 
plan to install the Novell IP Client with IPX Compatibility Mode, then remove the IPX internal 
network number before installing the client. 


A.1.2 Novell Client Cannot Install If Local Area Connection 
Page Open 


The Novell Client cannot be installed on Windows XP if the Local Area Connection Properties Page 
is open. Close this page before running the Novell Client install. 


A.1.3 Uninstall Novell Client First When Upgrading the 
Windows Operating System 


If you are upgrading your Windows operating system on workstations that already have the Novell 
Client installed, you must first uninstall the Novell Client to ensure a clean upgrade. 


Troubleshooting Issues 


85 


On Windows XP, you can install the client software from the network on workstations running the 
Microsoft Client Service for NetWare®. Run the install by logging in to the server using bindery 
emulation. 


A.1.4 NDPS Update Required on NetWare 5.1 


An update to NDPS® is required to solve a client hang. Install the dprpcnim.nlm file, dated 22 Nov 
2000 or later. This update is included in NetWare 5.1 Support Pack 3. Refer to TID 10062546 (http:/ 
/support.novell.com/cgi-bin/search/searchtid.cgi?/10062546.htm). 


A.1.5 Password Issues 


We recommend that administrators configure Windows workstations to not use any of the Microsoft 
password restrictions available in User Manager. Novell Client for Windows works best if password 
restrictions are left up to eDirectory™. 


For more information on Novell's Universal Password and advanced password management, see 
Section 6.2, “Managing Passwords,” on page 56. 


A.2 Login Restrictions Set for IPX/SPX Prevent 
User from Logging In 


Login restrictions are set for IPX/SPX™ and the node address. When the administrative workstation 
is reset, the new client files are automatically updated and the reboot prompt is displayed. After 
restarting, the workstations that are placed in the restriction list as being able to log in as admin and 
which now have the new client cannot log in and no administration of the server can be done. 


This is a problem with preferring the IP protocol. The allowed addresses assigned in eDirectory are 
IPX addresses. If the server is bound to IP, the clients are designed to prefer this protocol by default. 
The result is that the client is attempting to log in to the server using IP but the address is restricted 
to allow only IPX addresses, causing an authentication failure. This is due to the IP address not 
being stored in eDirectory. 


Do not bind IP to the server until static IP addresses have been assigned. Or, change your protocol 
preference to IPX. 


A.3 Login Script 


e Section A.3.1, “CAPTURE Execution in a Login Script,” on page 86 


e Section A.3.2, “Login Script Command SET_TIME ON/OFF Error if User Does Not Have 
Administrator Rights,” on page 87 


e Section A.3.3, “Map.exe Utility,” on page 87 
e Section A.3.4, “Drive Mappings Automatically Root Mapped,” on page 87 


A.3.1 CAPTURE Execution in a Login Script 


If you use a login script that contains an external CAPTURE command using capture.exe, the screen 
might go blank with a blinking cursor in the upper-left corner. The capture eventually executes and 
the screen returns to normal. 
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This happens if Windows is set to “full screen” when the CAPTURE command is executed from the 
login script. Although the system might be working correctly, a slow server performing the capture 
with a blank screen may make it appear otherwise. 
To correct this problem: 

1 Double-click My Computer, then click Control Panel > MS-DOS Console. 

2 Inthe Console Windows Properties dialog box, click the Options tab. 

3 From the Display Options group, click Window. 


A.3.2 Login Script Command SET_TIME ON/OFF Error if User 
Does Not Have Administrator Rights 


Novell Client for Windows Properties > Advanced Settings contains a Set Station Time property. 
When this setting is On, and the logged-in user has administrator rights, the workstation time is 
synchronized with the network during GINA Login. The login script SET TIME command has no 
effect on time synchronization, because the time is being synchronized before the script command is 
processed. When the setting is Off, the SET_TIME ON script command has an effect when scripts 
are run, and the workstation time is synchronized with the network. 


If the logged-in user does not have administrator rights on the workstation, an error is displayed 
when the login script runs and the time is not synchronized. 


A.3.3 Map.exe Utility 


The map.exe utility might function improperly if the computer's DOS environment size is too 
small. If you encounter problems while running map.exe, increase the DOS environment size by 
adding or editing the SHELL= line in the winnt\system32\config.nt file. For example: 


SHELL=SSYSTEMROOT%\SYSTEM32\COMMAND.COM /E:2048 


Map.exe was not designed as a Windows executable and, therefore, does not recognize drives 
mapped to NT servers as network drives. Consequently, the MAP command does not list NT 
network drives. The Windows NT NET USE command can be used to correctly connect and list 
network drives for both NetWare and NT servers. 


A.3.4 Drive Mappings Automatically Root Mapped 


In Windows, all drive mappings made using the NetWare Login are root mapped. Because of this, 
programs cannot access directories above the directory that the drive is mapped to. This feature 
affects only MAP commands performed in a login script. After Windows has been started, Windows 
allows you to map only to the root. 


You can turn off the default by adding SET MAPROOTOFF=”1” as the first line in the login script. 
This globally forces all workstations using the login script to not map root drives. 
Or, you can perform the following procedure on a local workstation: 

1 Right-click My Computer. 

2 Click Properties > Advanced > Environment. 

3 Click New to create a new variable. 


4 Type MAPROOTOFFE as a variable. 
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5 Set the value of the MAPROOTOFF variable to 1. 
6 Click OK > OK. 


A.4 Printing Issues 


You might experience difficulties printing through NDPS if your network connection is dropped and 
later auto-reconnects. You could receive the following error messages: 


Error writing to <printer>: Space to store the file waiting to be 
printed is not available on the server. 


A write fault occurred while printing. 


To resolve this problem, you must download and install NetWare 5 Support Pack 2 or later. Then 
complete the following: 

1 At the server console, load ndpsm.nim to load NDPS Manager on the server. 

2 From the NDPS Manager main menu, select Printer Agent List. 

3 Select a Printer Agent. 

4 After the Printer Agent information is displayed, click Configuration: (See Form). 


5 From the configuration screen, change the Security Level from High to Medium. 


A.5 Software Compatibility Issues 


Novell Client for Windows coexists with the Microsoft SMB Client. The Microsoft SMB Client 
utilizes NetBIOS, which increases the utilization of your network. 


If you want to prevent the Microsoft SMB Client from communicating over NetBIOS, modify your 
workstation configuration by unbinding the workstation and server from NetBIOS on the Network 
Properties page. 


88 Novell Client for Windows Installation and Administration Guide 


Documentation Updates 


The Novell® Client™ for Windows Administration Guide has been updated with the following 
information on the following dates: 


e Section B.1, “August 19, 2005 (SP1),” on page 89 
* Section B.2, “December 23, 2005 (SP2),” on page 89 


B.1 August 19, 2005 (SP1) 


Location Change 


Section 6.2, “Managing Passwords,” on page 56 Reorganized section. 


Section 6.3.1, “Using the “Did You Forget Your This section was added. 
Password?” Link,” on page 59 


B.2 December 23, 2005 (SP2) 


Location Change 


Entire guide Page design reformatted to comply 
with revised Novell documentation standards. 


Section 6.2.2, “Displaying Password Updated section to reflect changes made in the 
Requirements for End Users,” on page 58 Novell Client for Windows 4.91 SP2. 
Section 6.3, “Using Forgotten Password Self- Updated section to reflect changes made in the 
Service,” on page 59 Novell Client for Windows 4.91 SP2. 
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